CVE-2023-6237

EUVD-2023-58483

25.04.2024, 07:15

Issue summary: Checking excessively long invalid RSA public keys may take
a long time.

Impact summary: Applications that use the function EVP_PKEY_public_check()
to check RSA public keys may experience long delays. Where the key that
is being checked has been obtained from an untrusted source this may lead
to a Denial of Service.

When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.

An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.

The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the '-pubin' and '-check' options on untrusted data.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
openssl	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
Siemens	SIMATIC S7-1500 TM MFP - GNU\/Linux subsystem	𝑥 < *	ADP
Siemens	SINEC NMS	𝑥 < V3.0 SP1	ADP
openssl	openssl	3.0.0 ≤ 𝑥 < 3.0.13	CNA
openssl	openssl	3.1.0 ≤ 𝑥 < 3.1.5	CNA
openssl	openssl	3.2.0 ≤ 𝑥 < 3.2.1	CNA

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.15-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 not-affected
bullseye (security)	1.1.1w-0+deb11u2 fixed
buster	not-affected
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

edk2

bionic	not-affected
focal	not-affected
jammy	not-affected
lunar	not-affected
mantic	not-affected
noble	needed
oracular	needed
trusty	ignored
xenial	not-affected

nodejs

bionic	needs-triage
focal	not-affected
jammy	needed
lunar	not-affected
mantic	not-affected
noble	not-affected
oracular	not-affected
trusty	not-affected
xenial	needs-triage

openssl

bionic	not-affected
focal	not-affected
jammy	Fixed 3.0.2-0ubuntu1.14 released
lunar	ignored
mantic	Fixed 3.0.10-1ubuntu2.2 released
noble	Fixed 3.0.10-1ubuntu4 released
oracular	Fixed 3.0.10-1ubuntu4 released
trusty	not-affected
xenial	not-affected

openssl1.0

bionic	not-affected
focal	dne
jammy	dne
lunar	dne
mantic	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

libopenssl-3-devel

suse enterprise desktop 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP4	3.0.8-150400.4.49.1 fixed
suse enterprise server 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl-3-fips-provider

suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl-3-fips-provider-32bit

suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl3

suse enterprise desktop 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP4	3.0.8-150400.4.49.1 fixed
suse enterprise server 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

libopenssl3-32bit

suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed

openssl-3

suse enterprise desktop 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise desktop 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise sap 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise sap 15 SP7	3.2.3-150700.3.20 fixed
suse enterprise server 15 SP4	3.0.8-150400.4.49.1 fixed
suse enterprise server 15 SP5	3.0.8-150500.5.24.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.3.6 fixed
suse enterprise server 15 SP7	3.2.3-150700.3.20 fixed