CVE-2024-4603: Unchecked Input for Loop Condition in OpenSSL

Severity
NVD: 5.3 (MEDIUM)
OSV: 5.9

EPSS
0.1% (top 74.33%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: May 16
Latest update: Feb 13

Description

Issue summary: Checking excessively long DSA keys or parameters may be very slow.

Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Som

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (23 packages)

Source      Package            Affected versions
debian      debian/openssl     < openssl 3.0.14-1~deb12u1 (bookworm)
CVEListV5   openssl/openssl    introduced 3.0.0, fixed 3.0.14 (+3 more ranges)
Alpine      openssl/openssl    < 3.0.13-r0 (+6 more)
Debian      openssl/openssl    < 3.0.14-1~deb12u1 (+2 more)
Ubuntu      openssl/openssl    < 1.1.1f-1ubuntu2.23 (+2 more)

Vulnerability Details (4)

- OSV: openssl vulnerabilities (2024-07-31)
- OSV: CVE-2024-4603: Issue summary: Checking excessively long DSA keys or parameters may be very slow (2024-05-16)
- GHSA: GHSA-85xr-ghj6-6m46: Issue summary: Checking excessively long DSA keys or parameters may be very slow (2024-05-16)
- OSV: CVE-2024-4603: Issue summary: Checking excessively long DSA keys or parameters may be very slow (2024-05-16)

Vendor Advisories (9)

- CISA ICS: Siemens SCALANCE W700 (2025-02-13)
- CISA ICS: Siemens SCALANCE M-800 Family (2024-11-14)
- Palo Alto: PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent (2024-11-07)
- Oracle: Oracle Communications Risk Matrix: Configuration (OpenSSL), CVE-2024-4603 (2024-10-15)
- Ubuntu: OpenSSL vulnerabilities (2024-07-31)
CVE-2024-4603 — Unchecked Input for Loop Condition | cvebase