NVD - CVE-2023-3817 (original) (raw)
CVE-2023-3817 Detail
Description
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
N/A
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
NIST: NVD
Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
ADP: CISA-ADP
Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.0 Severity and Vector Strings:
NIST: NVD
Base Score: N/A
NVD assessment not yet provided.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-834 | Excessive Iteration | NIST |
| CWE-606 | Unchecked Input for Loop Condition | OpenSSL Software Foundation |
Known Affected Software Configurations Switch to CPE 2.2
CPEs loading, please wait.
Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.
Change History
17 change records found show changes
CVE Modified by CISA-ADP 6/17/2026 2:14:55 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | {"timestamp":"2025-04-23T13:26:20.624850Z","id":"CVE-2023-3817","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by OpenSSL Software Foundation 6/17/2026 2:14:55 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | [{"vendor":"OpenSSL","product":"OpenSSL","defaultStatus":"unaffected","versions":[{"version":"3.1.0","lessThan":"3.1.2","versionType":"semver","status":"affected"},{"version":"3.0.0","lessThan":"3.0.10","versionType":"semver","status":"affected"},{"version":"1.1.1","lessThan":"1.1.1v","versionType":"custom","status":"affected"},{"version":"1.0.2","lessThan":"1.0.2zi","versionType":"custom","status":"affected"}]}] |
CVE Modified by CISA-ADP 5/05/2025 12:15:47 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
CVE Modified by CVE 11/21/2024 3🔞08 AM
CVE Modified by OpenSSL Software Foundation 10/14/2024 11:15:11 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CWE | OpenSSL Software Foundation CWE-606 | |
| Removed | Reference | OpenSSL Software Foundation http://seclists.org/fulldisclosure/2023/Jul/43 | |
| Removed | Reference | OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2023/07/31/1 | |
| Removed | Reference | OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2023/09/22/11 | |
| Removed | Reference | OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2023/09/22/9 | |
| Removed | Reference | OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2023/11/06/2 | |
| Removed | Reference | OpenSSL Software Foundation https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html | |
| Removed | Reference | OpenSSL Software Foundation https://security.gentoo.org/glsa/202402-08 | |
| Removed | Reference | OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20230818-0014/ | |
| Removed | Reference | OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20231027-0008/ | |
| Removed | Reference | OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240621-0006/ |
CVE Modified by OpenSSL Software Foundation 6/21/2024 3:15:28 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned] |
CVE Modified by OpenSSL Software Foundation 5/14/2024 9:34:58 AM
| Action | Type | Old Value | New Value |
|---|
CVE Modified by OpenSSL Software Foundation 2/04/2024 4:15:10 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | OpenSSL Software Foundation https://security.gentoo.org/glsa/202402-08 [No types assigned] |
CVE Modified by OpenSSL Software Foundation 11/06/2023 2:15:09 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | http://www.openwall.com/lists/oss-security/2023/11/06/2 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 10/27/2023 11:15:13 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://security.netapp.com/advisory/ntap-20231027-0008/ [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 9/22/2023 8:15:19 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | http://www.openwall.com/lists/oss-security/2023/09/22/11 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 9/22/2023 5:15:21 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | http://www.openwall.com/lists/oss-security/2023/09/22/9 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 8/18/2023 10:15:33 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://security.netapp.com/advisory/ntap-20230818-0014/ [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 8/16/2023 4:15:41 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html [No Types Assigned] |
Initial Analysis by NIST 8/08/2023 3:04:09 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | |
| Added | CWE | NIST CWE-834 | |
| Added | CPE Configuration | Record truncated, showing 2048 of 3848 characters. View Entire Change Record OR *cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2zc:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2zd:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2ze:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2zf:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2zg:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.0.2zh:*:*:*:*:*:*:* *cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:* *cpe:2.3:a: | |
| Changed | Reference Type | http://seclists.org/fulldisclosure/2023/Jul/43 No Types Assigned | http://seclists.org/fulldisclosure/2023/Jul/43 Mailing List, Third Party Advisory |
| Changed | Reference Type | http://www.openwall.com/lists/oss-security/2023/07/31/1 No Types Assigned | http://www.openwall.com/lists/oss-security/2023/07/31/1 Mailing List |
| Changed | Reference Type | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5 No Types Assigned | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5 Mailing List, Patch |
| Changed | Reference Type | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644 No Types Assigned | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644 Broken Link |
| Changed | Reference Type | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f No Types Assigned | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f Mailing List, Patch |
| Changed | Reference Type | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5 No Types Assigned | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5 Mailing List, Patch |
| Changed | Reference Type | https://www.openssl.org/news/secadv/20230731.txt No Types Assigned | https://www.openssl.org/news/secadv/20230731.txt Vendor Advisory |
CVE Modified by OpenSSL Software Foundation 8/01/2023 7:15:09 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | http://seclists.org/fulldisclosure/2023/Jul/43 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 7/31/2023 2:15:10 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | http://www.openwall.com/lists/oss-security/2023/07/31/1 [No Types Assigned] |
Quick Info
CVE Dictionary Entry:
CVE-2023-3817
NVD Published Date:
07/31/2023
NVD Last Modified:
06/17/2026
Source:
OpenSSL Software Foundation