CVE-2023-6237 — Unchecked Input for Loop Condition in Openssl

CWE-606 — Unchecked Input for Loop Condition CWE-400 — Uncontrolled Resource Consumption18 documents8 sources

Severity

5.9MEDIUMNVD

OSV7.4OSV5.3

EPSS

0.5%

top 33.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Haxx Curl Tianocore Edk2 +18 more

Timeline

PublishedApr 25

Latest updateNov 28

Description

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages24 packages

▶debiandebian/openssl< openssl 3.0.13-1~deb12u1 (bookworm)

▶CVEListV5openssl/openssl3.0.0 — 3.0.13+2

▶Alpineopenssl/openssl< 3.0.12-r3+6

▶Debianopenssl/openssl< 3.0.13-1~deb12u1+2

▶Ubuntuopenssl/openssl< 1.1.1f-1ubuntu2.21+1

🔴Vulnerability Details

OSV

edk2 regression↗2025-11-28

▶

OSV

edk2 vulnerabilities↗2025-11-26

▶

OSV

CVE-2023-6237: Issue summary: Checking excessively long invalid RSA public keys may take a long time↗2024-04-25

▶

GHSA

GHSA-hvc4-mjv4-5mw6: Issue summary: Checking excessively long invalid RSA public keys may take a long time↗2024-04-25

▶

OSV

CVE-2023-6237: Issue summary: Checking excessively long invalid RSA public keys may take a long time↗2024-04-25

▶

📋Vendor Advisories

Ubuntu

EDK II regression↗2025-11-28

▶

Ubuntu

EDK II vulnerabilities↗2025-11-26

▶

CISA ICS

Siemens SCALANCE W700↗2025-02-13

▶

CISA ICS

Siemens SINEC NMS↗2024-11-14

▶

CISA ICS

Siemens SINEC INS↗2024-11-14

▶