FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- DoS in DH generation

Affected packages
openssl < 3.0.12_1,1
openssl111 < 1.1.1w_1
openssl31 < 3.1.4_1
openssl-quictls < 3.0.12_1
openssl31-quictls < 3.1.4_1

Details

VuXML ID a5956603-7e4f-11ee-9df6-84a93843eb75
Discovery 2023-11-08
Entry 2023-11-08

The OpenSSL project reports:

Excessive time spent in DH check / generation with large Q parameter value (low). Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.

[source]

References

CVE Name CVE-2023-5678
URL https://www.openssl.org/news/secadv/20231106.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.