CVE-2023-3446 — Unchecked Input for Loop Condition in Openssl

CWE-606 — Unchecked Input for Loop Condition CWE-1333 — Regex Denial of Service CWE-834 — Excessive Iteration CWE-400 — Uncontrolled Resource Consumption36 documents9 sources

Severity

5.3MEDIUMNVD

OSV7.4OSV3.7

EPSS

0.9%

top 23.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Tianocore Edk2 Debian Openssl +8 more

Timeline

PublishedJul 19

Latest updateNov 28

Description

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages15 packages

▶debiandebian/openssl< openssl 3.0.10-1~deb12u1 (bookworm)

▶CVEListV5openssl/openssl1.0.2 — 1.0.2zj+7

▶NVDopenssl/openssl3.0.0 — 3.0.10+60

▶Alpineopenssl/openssl< 1.1.1u-r2+17

▶Debianopenssl/openssl< 1.1.1v-0~deb11u1+3

Patches

Patch: git.openssl.org ↗Patch: git.openssl.org ↗Patch: git.openssl.org ↗

🔴Vulnerability Details

OSV

edk2 regression↗2025-11-28

▶

OSV

edk2 vulnerabilities↗2025-11-26

▶

OSV

openssl vulnerabilities↗2024-09-18

▶

OSV

openssl1.0 vulnerabilities↗2024-03-21

▶

OSV

openssl vulnerabilities↗2023-10-25

▶

📋Vendor Advisories

Ubuntu

EDK II regression↗2025-11-28

▶

Ubuntu

EDK II vulnerabilities↗2025-11-26

▶

CISA ICS

Siemens SIDIS Prime↗2025-04-10

▶

CISA ICS

Siemens SCALANCE W700↗2025-02-13

▶

CISA ICS

Siemens SINEC INS↗2024-11-14

▶