CVE-2023-3817 Report - Details, Severity, & Advisories

Twingate Team

May 3, 2024

CVE-2023-3817 is a medium-severity vulnerability affecting various versions of OpenSSL; the OpenSSL SSL/TLS implementation itself and the OpenSSL 3.0 and 3.1 FIPS providers are not affected. The issue is that checking excessively long DH keys or parameters can take a very long time, so an application that checks attacker-supplied parameters can be stalled, potentially leading to a Denial of Service. This vulnerability impacts applications that use specific functions to check a DH key or DH parameters, as well as the OpenSSL dhparam and pkeyparam command line applications when used with the -check option.

How do I know if I'm affected?

To determine if you're affected by the CVE-2023-3817 vulnerability, check whether your application calls DH_check(), DH_check_ex(), or EVP_PKEY_param_check() to verify DH keys or parameters. If the keys or parameters passed to those functions come from untrusted sources, your application could be vulnerable to a Denial of Service attack. Additionally, if you use the OpenSSL dhparam and pkeyparam command line applications with the "-check" option on untrusted input, you might be affected. The impacted OpenSSL versions are 1.0.2 through 1.0.2zf (the base release with no letter suffix up to the "zf" suffix), 1.1.1 through 1.1.1u, 3.0.0 through 3.0.10, and 3.1.0 through 3.1.2.
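The two checks above (is the installed OpenSSL in an affected range, and does the code base call one of the three named functions) can be scripted. The helper below is an added example, not code from the Twingate report or from the OpenSSL project; it encodes only the version ranges this report lists, so anything outside them is reported as "not in an affected range listed here" rather than as safe, and the sample source line used in the comment is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Twingate report or the OpenSSL project).
# Classifies an OpenSSL version string against the affected ranges this report
# lists for CVE-2023-3817 and greps a source tree for the three API calls it names.

# Extract "3.0.10" from the `openssl version` banner "OpenSSL 3.0.10 1 Aug 2023".
openssl_version_string() {
    set -- $1            # word-split the banner on purpose; field 2 is the version
    printf '%s\n' "$2"
}

# Exit status 0 when the version is in an affected range listed in the report,
# 1 otherwise. 1.0.2 and 1.1.1 releases carry letter suffixes that sort
# alphabetically: 1.0.2, 1.0.2a ... 1.0.2z, 1.0.2za ... 1.0.2zf.
openssl_version_affected() {
    case "$1" in
        1.0.2|1.0.2[a-z]|1.0.2z[a-f]) return 0 ;;   # 1.0.2 through 1.0.2zf
        1.1.1|1.1.1[a-u])             return 0 ;;   # 1.1.1 through 1.1.1u
        3.0.[0-9]|3.0.10)             return 0 ;;   # 3.0.0 through 3.0.10
        3.1.[0-2])                    return 0 ;;   # 3.1.0 through 3.1.2
        *)                            return 1 ;;
    esac
}

# Print file:line for every call to DH_check(), DH_check_ex() or
# EVP_PKEY_param_check() under the given source tree. Each hit is a place to
# confirm where the DH parameters come from; untrusted input reaching one of
# these calls is the condition the report describes.
# Example hit (constructed): src/kex.c:42:    if (!DH_check(dh, &flags)) {
find_dh_check_callers() {
    grep -rnE 'DH_check(_ex)?[[:space:]]*\(|EVP_PKEY_param_check[[:space:]]*\(' "$1" 2>/dev/null || true
}

# Stand-alone usage: classify the locally installed openssl binary, if any.
if command -v openssl >/dev/null 2>&1; then
    v="$(openssl_version_string "$(openssl version)")"
    if openssl_version_affected "$v"; then
        echo "openssl $v is in an affected range for CVE-2023-3817"
    else
        echo "openssl $v is not in an affected range listed here"
    fi
fi
```

Run `find_dh_check_callers /path/to/src` against your own tree; a version outside the affected ranges but with callers that accept DH parameters from the network still deserves a look, since the function list is the useful signal for code review regardless of the library build.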

What should I do if I'm affected?

If you're affected by the CVE-2023-3817 vulnerability, apply the fix published in the OpenSSL Security Advisory for this CVE or upgrade to the next OpenSSL release that contains it. Non-technical users should consider contacting their IT department or a cybersecurity professional for assistance in applying the fix or updating their OpenSSL version.

Is CVE-2023-3817 in CISA’s Known Exploited Vulnerabilities Catalog?

As of now, CVE-2023-3817 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This medium-severity vulnerability affects certain versions of OpenSSL and is related to excessively long DH keys or parameters, which can cause applications to experience long delays, potentially leading to a Denial of Service. The vulnerability was published on July 31, 2023, but no specific due date or required action is mentioned on the NVD page.

Weakness enumeration

The Weakness Enumeration for CVE-2023-3817 is identified as CWE-834, which refers to Excessive Iteration. This vulnerability can cause long delays in applications, potentially leading to a Denial of Service.

For more details

CVE-2023-3817 is a medium-severity vulnerability affecting various versions of OpenSSL, which can cause long delays in applications and potentially lead to a Denial of Service. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page and the OpenSSL Security Advisory.
