CVE-2023-2650 — Allocation of Resources Without Limits or Throttling in OpenSSL
Severity
6.5 MEDIUM (NVD)
OSV: 7.5, 7.4, 5.9
EPSS
92.0%
top 0.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 30
Latest update: Apr 7
Description
Issue summary: Processing some specially crafted ASN.1 object identifiers or
data containing them may be very slow.
Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message
size limit may experience notable to very long delays when processing those
messages, which may lead to a Denial of Service.
An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -
most of which have no size …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 28 packages
Also affects: Debian Linux 10.0, 11.0
Patches
Vulnerability Details (7)
Vendor Advisories (17)
CISA ICS
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update D), 2026-04-07
Palo Alto