CVE-2023-3817Unchecked Input for Loop Condition in Openssl

CWE-606Unchecked Input for Loop ConditionCWE-834Excessive IterationCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-325Missing Cryptographic Step43 documents11 sources
Severity
5.3MEDIUMNVD
OSV7.4
EPSS
0.3%
top 44.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
OpensslTianocore Edk2Paloalto Cortex XDR
Timeline
PublishedJul 31
Latest updateNov 28

Description

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages7 packages

CVEListV5openssl/openssl3.1.03.1.2+7
NVDopenssl/openssl3.0.03.0.10+61
Alpineopenssl/openssl< 1.1.1w-r1+17
Debianopenssl/openssl< 1.1.1w-0+deb11u2+7
Ubuntuopenssl/openssl< 1.1.1f-1ubuntu2.20+3

Patches

Patch: git.openssl.orgPatch: git.openssl.orgPatch: git.openssl.org

🔴Vulnerability Details

14
OSV
edk2 regression2025-11-28
OSV
edk2 vulnerabilities2025-11-26
OSV
openssl1.0 vulnerabilities2024-03-21
CVEList
Excessive time spent in DH check / generation with large Q parameter value2023-11-06
OSV
CVE-2023-5678: Issue summary: Generating excessively long X92023-11-06

📋Vendor Advisories

27
Ubuntu
EDK II regression2025-11-28
Ubuntu
EDK II vulnerabilities2025-11-26
CISA ICS
Siemens SINEC OS2025-08-14
CISA ICS
Siemens SIDIS Prime2025-04-10
CISA ICS
Siemens SCALANCE W7002025-02-13