Unchecked Input for Loop Condition
CVE-2023-6237
Summary
Checking excessively long invalid RSA public keys may take a long time. Applications that use the function "EVP_PKEY_public_check()" to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source, this may lead to a Denial of Service (DOS). When function "EVP_PKEY_public_check()" is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes, and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls "EVP_PKEY_public_check()" and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service (DOS) attack. The function "EVP_PKEY_public_check()" is not called from other OpenSSL functions; however, it is called from the OpenSSL "pkey" command line application. For that reason, that application is also vulnerable if used with the "-pubin" and "-check" options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0.0-alpha1 through 3.0.12, 3.1.0-alpha1 through 3.1.4, and 3.2.0-alpha1 through 3.2.0 FIPS providers are affected by this issue.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-606 - Unchecked Input for Loop Condition
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
References
Advisory Timeline
- Published