{"id":"CVE-2023-3817","details":"Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.","modified":"2026-04-16T04:34:31.014600975Z","published":"2023-07-31T16:15:10.497Z","related":["ALSA-2023:7877","ALSA-2024:2447","CGA-hxqv-3m45-8f6g","SUSE-SU-2023:3239-1","SUSE-SU-2023:3242-1","SUSE-SU-2023:3243-1","SUSE-SU-2023:3244-1","SUSE-SU-2023:3244-2","SUSE-SU-2023:3291-1","SUSE-SU-2023:3291-2","SUSE-SU-2023:3308-1","SUSE-SU-2023:3338-1","SUSE-SU-2023:3339-1","SUSE-SU-2023:3397-1","SUSE-SU-2023:3958-1","SUSE-SU-2023:4189-1","SUSE-SU-2023:4190-1","openSUSE-SU-2024:13090-1","openSUSE-SU-2024:13097-1","openSUSE-SU-2024:13111-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/11/06/2"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/07/31/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/09/22/9"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/09/22/11"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2023/Jul/43"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202402-08"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20230731.txt"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231027-0008/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230818-0014/"},{"type":"FIX","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"},{"type":"FIX","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"},{"type":"FIX","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"245cb0291e0db99d9ccf3692fa76f440b2b054c2"},{"introduced":"a92271e03a8d0dee507b6f1e7f49512568b2c7ad"},{"fixed":"17a2c5111864d8e016c5f2d29c40a3746b559e9d"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"94f416601754dbe65e287f8e1eca01fa32f74a7a"},{"introduced":"0"},{"last_affected":"2f63ad1c6daa61614f3d58de0889bf68e9f75853"},{"introduced":"0"},{"last_affected":"2c5db8dac3a06fe5b2c889838a606138ee3542ed"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"dcfa88bb29686f485dbd0e3e3800a7f79b462546"},{"introduced":"0"},{"last_affected":"6941960602658a52742786978fe8e677548f89bf"},{"introduced":"0"},{"last_affected":"be2df12a349eae53805dd3cb19aa18e3d022acd7"},{"introduced":"0"},{"last_affected":"facdcba99b4f7c1bcd209c9ecec9a9c595c064f5"},{"introduced":"0"},{"last_affected":"4ff3df161c8b0caf0acac2e0a19980ccd4173a66"},{"introduced":"0"},{"last_affected":"a910a9e98f08c48c4ea24651a29872e71748f969"},{"introduced":"0"},{"last_affected":"77cdad318446ca8ea2ba8294d9e70891b59503e2"},{"introduced":"0"},{"last_affected":"3098c3bd12530b11d2944e0bc8115f6471e4d41c"},{"introduced":"0"},{"last_affected":"bb20b3fd507b635607eddd895dbcad08e0ed8793"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.0.10"},{"introduced":"3.1.0"},{"fixed":"3.1.2"},{"introduced":"0"},{"last_affected":"1.0.2-NA"},{"introduced":"0"},{"last_affected":"1.0.2-beta1"},{"introduced":"0"},{"last_affected":"1.0.2-beta2"},{"introduced":"0"},{"last_affected":"1.0.2-beta3"},{"introduced":"0"},{"last_affected":"1.0.2a"},{"introduced":"0"},{"last_affected":"1.0.2b"},{"introduced":"0"},{"last_affected":"1.0.2c"},{"introduced":"0"},{"last_affected":"1.0.2d"},{"introduced":"0"},{"last_affected":"1.0.2e"},{"introduced":"0"},{"last_affected":"1.0.2f"},{"introduced":"0"},{"last_affected":"1.0.2g"},{"introduced":"0"},{"last_affected":"1.0.2h"},{"introduced":"0"},{"last_affected":"1.0.2i"},{"introduced":"0"},{"last_affected":"1.0.2j"},{"introduced":"0"},{"last_affected":"1.0.2k"},{"introduced":"0"},{"last_affected":"1.0.2l"},{"introduced":"0"},{"last_affected":"1.0.2m"},{"introduced":"0"},{"last_affected":"1.0.2n"},{"introduced":"0"},{"last_affected":"1.0.2o"},{"introduced":"0"},{"last_affected":"1.0.2p"},{"introduced":"0"},{"last_affected":"1.0.2q"},{"introduced":"0"},{"last_affected":"1.0.2r"},{"introduced":"0"},{"last_affected":"1.0.2s"},{"introduced":"0"},{"last_affected":"1.0.2t"},{"introduced":"0"},{"last_affected":"1.0.2u"},{"introduced":"0"},{"last_affected":"1.0.2v"},{"introduced":"0"},{"last_affected":"1.0.2w"},{"introduced":"0"},{"last_affected":"1.0.2x"},{"introduced":"0"},{"last_affected":"1.0.2y"},{"introduced":"0"},{"last_affected":"1.0.2za"},{"introduced":"0"},{"last_affected":"1.0.2zb"},{"introduced":"0"},{"last_affected":"1.0.2zc"},{"introduced":"0"},{"last_affected":"1.0.2zd"},{"introduced":"0"},{"last_affected":"1.0.2ze"},{"introduced":"0"},{"last_affected":"1.0.2zf"},{"introduced":"0"},{"last_affected":"1.0.2zg"},{"introduced":"0"},{"last_affected":"1.0.2zh"},{"introduced":"0"},{"last_affected":"1.1.1-NA"},{"introduced":"0"},{"last_affected":"1.1.1-pre1"},{"introduced":"0"},{"last_affected":"1.1.1-pre2"},{"introduced":"0"},{"last_affected":"1.1.1-pre3"},{"introduced":"0"},{"last_affected":"1.1.1-pre4"},{"introduced":"0"},{"last_affected":"1.1.1-pre5"},{"introduced":"0"},{"last_affected":"1.1.1-pre6"},{"introduced":"0"},{"last_affected":"1.1.1-pre7"},{"introduced":"0"},{"last_affected":"1.1.1-pre8"},{"introduced":"0"},{"last_affected":"1.1.1-pre9"},{"introduced":"0"},{"last_affected":"1.1.1a"},{"introduced":"0"},{"last_affected":"1.1.1b"},{"introduced":"0"},{"last_affected":"1.1.1c"},{"introduced":"0"},{"last_affected":"1.1.1d"},{"introduced":"0"},{"last_affected":"1.1.1e"},{"introduced":"0"},{"last_affected":"1.1.1f"},{"introduced":"0"},{"last_affected":"1.1.1g"},{"introduced":"0"},{"last_affected":"1.1.1h"},{"introduced":"0"},{"last_affected":"1.1.1i"},{"introduced":"0"},{"last_affected":"1.1.1j"},{"introduced":"0"},{"last_affected":"1.1.1k"},{"introduced":"0"},{"last_affected":"1.1.1l"},{"introduced":"0"},{"last_affected":"1.1.1m"},{"introduced":"0"},{"last_affected":"1.1.1n"},{"introduced":"0"},{"last_affected":"1.1.1o"},{"introduced":"0"},{"last_affected":"1.1.1p"},{"introduced":"0"},{"last_affected":"1.1.1q"},{"introduced":"0"},{"last_affected":"1.1.1r"},{"introduced":"0"},{"last_affected":"1.1.1s"},{"introduced":"0"},{"last_affected":"1.1.1t"},{"introduced":"0"},{"last_affected":"1.1.1u"}]}}],"versions":["BEFORE_engine","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_1_0_2","OpenSSL_1_0_2-beta1","OpenSSL_1_0_2-beta2","OpenSSL_1_0_2-beta3","OpenSSL_1_0_2-post-auto-reformat","OpenSSL_1_0_2-post-reformat","OpenSSL_1_0_2-pre-auto-reformat","OpenSSL_1_0_2-pre-reformat","OpenSSL_1_0_2a","OpenSSL_1_0_2b","OpenSSL_1_0_2c","OpenSSL_1_0_2d","OpenSSL_1_0_2e","OpenSSL_1_0_2f","OpenSSL_1_0_2g","OpenSSL_1_0_2h","OpenSSL_1_0_2i","OpenSSL_1_0_2j","OpenSSL_1_0_2k","OpenSSL_1_0_2l","OpenSSL_1_0_2m","OpenSSL_1_0_2n","OpenSSL_1_0_2o","OpenSSL_1_0_2p","OpenSSL_1_0_2q","OpenSSL_1_0_2r","OpenSSL_1_0_2s","OpenSSL_1_0_2t","OpenSSL_1_0_2u","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","OpenSSL_1_1_1a","OpenSSL_1_1_1b","OpenSSL_1_1_1c","OpenSSL_1_1_1d","OpenSSL_1_1_1e","OpenSSL_1_1_1f","OpenSSL_1_1_1g","OpenSSL_1_1_1h","OpenSSL_1_1_1i","OpenSSL_1_1_1j","OpenSSL_1_1_1k","OpenSSL_1_1_1l","OpenSSL_1_1_1m","OpenSSL_1_1_1n","OpenSSL_1_1_1o","OpenSSL_1_1_1p","OpenSSL_1_1_1q","OpenSSL_1_1_1r","OpenSSL_1_1_1s","OpenSSL_1_1_1t","OpenSSL_1_1_1u","OpenSSL_1_1_1v","OpenSSL_1_1_1w","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","openssl-3.0.0","openssl-3.0.1","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.0.9","openssl-3.1.0","openssl-3.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3817.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}