cbcvebase.
CVE-2023-2650
published 2023-05-30

CVE-2023-2650: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use…

PriorityP352medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EPSS
73.46%
99.4th percentile
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively l

Affected

50 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debianopenssl< openssl 3.0.9-1 (bookworm)openssl 3.0.9-1 (bookworm)
msrcazl3_edk2_20230301gitf80f052277c8-37_on_azure_linux_3.0
msrcazl3_rust_1.75.0-14_on_azure_linux_3.0
msrcazl3_rust_1.86.0-1_on_azure_linux_3.0
msrcazl3_shim-unsigned-aarch64_15.8-5_on_azure_linux_3.0
msrcazl3_shim-unsigned-x64_15.8-5_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_edk2_20230301gitf80f052277c8-37_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-11_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-9_on_cbl_mariner_2.0
msrccbl2_kata-containers-cc_0.4.1-2_on_cbl_mariner_2.0
msrccbl2_openssl_1.1.1k-25_on_cbl_mariner_2.0
msrccbl2_qemu_6.2.0-24_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_openssl_1.1.1k-16_on_cbl_mariner_1.0
nodejsnodejs>= 0 < 10.19.0~dfsg-3ubuntu1.510.19.0~dfsg-3ubuntu1.5
nodejsnodejs>= 0 < 12.22.9~dfsg-1ubuntu3.412.22.9~dfsg-1ubuntu3.4
opensslopenssl>= 0 < 1.1.1u-r01.1.1u-r0
opensslopenssl>= 0 < 1.1.1u-r01.1.1u-r0

Detection & IOCsextracted from sources · hover to see the quote

  • Trigger vector is a specially crafted ASN.1 OBJECT IDENTIFIER with an oversized sub-identifier (tens or hundreds of KiBs) delivered via DER-encoded data — monitor for abnormally large OID fields in certificates, OCSP responses, PKCS7/SMIME, CMS, CMP/CRMF, or TS messages
  • Affected OpenSSL API entry point is OBJ_obj2txt(); instrument or audit code paths calling this function with untrusted input (DER-encoded ASN1_OBJECT) as a detection/triage signal
  • In OpenSSL 3.0+, the vulnerable path is also reachable through AlgorithmIdentifier processing — flag X.509 certificate signature verification, OCSP, PKCS7/SMIME, CMS, CMP/CRMF, and TS subsystems as high-interest inspection points
  • TLS exposure is bounded by OpenSSL's 100 KiB certificate-chain limit; however, TLS clients and servers with explicit client-auth enabled remain in scope — prioritise monitoring of mTLS endpoints
  • In ICS/OT environments, the attack surface includes BACnet Secure Connect certificate import — alert on certificate imports from untrusted sources on ICONICS/GENESIS64 and Mitsubishi CC-Link IE TSN devices
  • Denial-of-service symptom is CPU exhaustion with O(n^2) time complexity proportional to sub-identifier byte length — anomalous CPU spikes in OpenSSL-linked processes during certificate/message parsing are a behavioural indicator
  • ·OpenSSL 3.0 and newer are the primary high-severity targets; OpenSSL 1.1.1 and 1.0.2 are considered low-severity because the vulnerable code path (OBJ_obj2txt via AlgorithmIdentifier) is not typically exercised in a DoS-relevant way in those versions
  • ·Applications using OBJ_obj2txt() only for display purposes (not algorithm fetching) are considered low-severity regardless of OpenSSL version
  • ·For ICONICS/GENESIS64 products, the vulnerability is only exploitable when the BACnet Secure Connect feature is enabled; it is disabled by default

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_oracle7.5MEDIUM
vendor_ubuntu7.5HIGH
vendor_debian6.5MEDIUM
vendor_msrc6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.