
CVE-2023-3446 Report - Details, Severity, & Advisories

Twingate Team

May 13, 2024

CVE-2023-3446 is a medium-severity vulnerability affecting systems using certain versions of OpenSSL. The issue involves excessive time spent checking DH keys or parameters, which could lead to a Denial of Service if the key or parameters are obtained from an untrusted source.

How do I know if I'm affected?

To determine if you're affected by the CVE-2023-3446 vulnerability, you'll need to check if your system is running any of the following OpenSSL versions: 1.0.2, 1.1.1, 3.0.0, 3.1.0, or 3.1.1. This vulnerability is related to excessive time spent checking DH keys or parameters, which could lead to a Denial of Service if the key or parameters are obtained from an untrusted source. Applications using functions like DH_check(), DH_check_ex(), or EVP_PKEY_param_check() are particularly affected. Keep in mind that the OpenSSL SSL/TLS implementation and the OpenSSL 3.0 and 3.1 FIPS providers are not impacted by this issue.

What should I do if I'm affected?

If you're affected by this vulnerability, follow these steps:

1. Check whether your system uses OpenSSL version 1.0.2, 1.1.1, 3.0.0, 3.1.0, or 3.1.1.
2. Apply the fix committed to the OpenSSL git repository.
3. Wait for the next OpenSSL releases, which will include the fix.

Remember that OpenSSL 1.1.1 will reach end-of-life on 2023-09-11, so plan accordingly.
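As an added example (not code from the Twingate report or from OpenSSL itself), the following Python pre-filter bounds the size of DH parameters received from an untrusted source before they are handed to DH_check() or EVP_PKEY_param_check(), so an oversized modulus is rejected before any expensive check runs; the upstream fix adds a comparable up-front modulus size check, and the 10000-bit ceiling here matches OpenSSL's OPENSSL_DH_MAX_MODULUS_BITS. It parses the PKCS#3 DHParameter DER structure directly; the 2048-bit floor and the encode_dh_params() helper are assumptions made for this demonstration.

```python
# Added example (not from the report): a cheap size gate to run on DH parameters
# from an untrusted source before calling DH_check()/EVP_PKEY_param_check().
MAX_MODULUS_BITS = 10000  # OpenSSL's OPENSSL_DH_MAX_MODULUS_BITS
MIN_MODULUS_BITS = 2048   # assumed local policy floor, not an OpenSSL constant

def _read_tlv(data, pos):
    """Parse one DER tag and length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(data):
        raise ValueError("DER length exceeds buffer")
    return tag, pos, pos + length

def dh_modulus_bits(der):
    """Bit length of p in PKCS#3 DHParameter ::= SEQUENCE { p INTEGER, g INTEGER }."""
    tag, start, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p_start, p_end = _read_tlv(der, start)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    p = int.from_bytes(der[p_start:p_end], "big", signed=True)
    if p <= 0:
        raise ValueError("p must be positive")
    return p.bit_length()

def dh_params_acceptable(der):
    """True only when p is within policy; an oversized p is rejected before costly checks."""
    return MIN_MODULUS_BITS <= dh_modulus_bits(der) <= MAX_MODULUS_BITS

def encode_dh_params(p, g):
    """Constructed test helper: DER-encode DHParameter {p, g} for positive integers."""
    def length(n):
        if n < 0x80:
            return bytes([n])
        size = (n.bit_length() + 7) // 8
        return bytes([0x80 | size]) + n.to_bytes(size, "big")

    def integer(n):
        body = n.to_bytes(n.bit_length() // 8 + 1, "big")  # keeps the sign bit clear
        return b"\x02" + length(len(body)) + body

    body = integer(p) + integer(g)
    return b"\x30" + length(len(body)) + body
```

Parameters that fail this gate should be logged and dropped without ever reaching the OpenSSL check functions; those that pass still need the full DH_check() validation.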

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-3446 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This OpenSSL issue involves excessive time spent checking overly long DH keys or parameters, which could lead to Denial of Service attacks. Affected functions include DH_check(), DH_check_ex(), and EVP_PKEY_param_check(). The vulnerability impacts OpenSSL versions 1.0.2, 1.1.1, 3.0.0, 3.1.0, and 3.1.1. A fix is available in the OpenSSL git repository.

Weakness enumeration

This vulnerability is categorized as CWE-1333. It involves inefficient checking of DH keys and parameters in OpenSSL, which may cause slow performance and potential Denial of Service attacks. Affected functions include DH_check(), DH_check_ex(), and EVP_PKEY_param_check().

For more details

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the National Vulnerability Database page or the resources listed below.
