Bug 2281029 (CVE-2024-4603) - CVE-2024-4603 openssl: Excessive time spent checking DSA keys and parameters
Summary: CVE-2024-4603 openssl: Excessive time spent checking DSA keys and parameters
Keywords:
Status: NEW
Alias: CVE-2024-4603
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2281032 2281033 2281034 2281035 2281036 2281037 2281038 2281039 2281040 2281041
Blocks: 2281028
TreeView+ depends on / blocked
 
Reported: 2024-05-17 20:13 UTC by Zack Miele
Modified: 2025-05-16 08:28 UTC (History)
50 users (show)

Fixed In Version: OpenSSL 3.0.14, OpenSSL 3.1.6, OpenSSL 3.2.2, OpenSSL 3.3.1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:9333 0 None None None 2024-11-12 09:34:15 UTC

Description Zack Miele 2024-05-17 20:13:56 UTC 
Issue summary: Checking excessively long DSA keys or parameters may be very
slow.

Impact summary: Applications that use the functions EVP_PKEY_param_check()
or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
experience long delays. Where the key or parameters that are being checked
have been obtained from an untrusted source this may lead to a Denial of
Service.

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform
various checks on DSA parameters. Some of those computations take a long time
if the modulus (`p` parameter) is too large.

Trying to use a very large modulus is slow and OpenSSL will not allow using
public keys with a modulus which is over 10,000 bits in length for signature
verification. However the key and parameter check functions do not limit
the modulus size when performing the checks.

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()
and supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.

These functions are not called by OpenSSL itself on untrusted DSA keys so
only applications that directly call these functions may be vulnerable.

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications
when using the `-check` option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
Comment 1 Zack Miele 2024-05-17 20:38:45 UTC 
Created edk2 tracking bugs for this issue:

Affects: fedora-38 [bug 2281033]
Affects: fedora-39 [bug 2281036]
Affects: fedora-40 [bug 2281039]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-38 [bug 2281034]
Affects: fedora-39 [bug 2281037]
Affects: fedora-40 [bug 2281040]


Created openssl tracking bugs for this issue:

Affects: fedora-38 [bug 2281035]
Affects: fedora-39 [bug 2281038]
Affects: fedora-40 [bug 2281041]


Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2281032]
Comment 6 errata-xmlrpc 2024-11-12 09:34:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9333 https://access.redhat.com/errata/RHSA-2024:9333
Note You need to log in before you can comment on or make changes to this bug.