Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.
Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service.
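An added example, not part of this bug report and not OpenSSL code: one way an application can apply the message size limit mentioned above, plus a cap on the encoded length of any single OBJECT IDENTIFIER, before passing untrusted data to the OpenSSL parser. The limits, function names and sample bytes are assumptions made for the example, and it accepts definite-length DER only.

```c
#include <stddef.h>
#include <stdio.h>
#define MAX_MSG_LEN 65536u /* hypothetical message size cap for this example */
#define MAX_OID_LEN 64     /* hypothetical cap on one OID's encoded length */

/* Walk DER TLVs in buf[0..len), descending into constructed types, and return
 * the largest OBJECT IDENTIFIER content length found. Returns -1 on truncated
 * input, indefinite lengths, multi-byte tags or nesting deeper than 32. OIDs
 * under implicit tags or in OCTET STRINGs are bounded only by the size cap. */
static long max_oid_len(const unsigned char *buf, size_t len, int depth)
{
    long best = 0;
    size_t i = 0;
    if (depth > 32) return -1;
    while (i < len) {
        unsigned char tag = buf[i++];
        if ((tag & 0x1f) == 0x1f || i >= len) return -1;
        size_t n = buf[i++];
        if (n & 0x80) {                     /* long-form length */
            size_t k = n & 0x7f;
            if (k == 0 || k > 4 || k > len - i) return -1;
            for (n = 0; k > 0; k--) n = (n << 8) | buf[i++];
        }
        if (n > len - i) return -1;         /* value runs past the buffer */
        long sub = (tag & 0x20) ? max_oid_len(buf + i, n, depth + 1)
                                : (tag == 0x06 ? (long)n : 0);
        if (sub < 0) return -1;
        if (sub > best) best = sub;
        i += n;
    }
    return best;
}

/* Returns 1 if msg may be handed to the OpenSSL parser, 0 to reject it. */
static int precheck(const unsigned char *msg, size_t len)
{
    long m = len > MAX_MSG_LEN ? -1 : max_oid_len(msg, len, 0);
    return m >= 0 && m <= MAX_OID_LEN;
}

/* Constructed sample: SEQUENCE { OID 1.2.840.113549.1.1.11, NULL } */
static const unsigned char sample[] = { 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00 };

int main(void)
{
    printf("accept=%d\n", precheck(sample, sizeof sample));
    return 0;
}
```

This pre-check complements the vendor updates listed in this bug rather than replacing them.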
Created openssl tracking bugs for this issue:
  Affects: fedora-37 [bug 2211112]
  Affects: fedora-38 [bug 2211119]
Created openssl1.1 tracking bugs for this issue:
  Affects: fedora-37 [bug 2211116]
  Affects: fedora-38 [bug 2211122]
Created openssl11 tracking bugs for this issue:
  Affects: epel-7 [bug 2211107]
Created openssl3 tracking bugs for this issue:
  Affects: epel-8 [bug 2211109]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2023:3722 https://access.redhat.com/errata/RHSA-2023:3722
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-2650
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2023:6330 https://access.redhat.com/errata/RHSA-2023:6330
This issue has been addressed in the following products:
  Red Hat JBoss Web Server 5.7 on RHEL 7
  Red Hat JBoss Web Server 5.7 on RHEL 8
  Red Hat JBoss Web Server 5.7 on RHEL 9
Via RHSA-2023:7622 https://access.redhat.com/errata/RHSA-2023:7622
This issue has been addressed in the following products:
  Red Hat JBoss Web Server
Via RHSA-2023:7623 https://access.redhat.com/errata/RHSA-2023:7623
This issue has been addressed in the following products:
  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8
Via RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625
This issue has been addressed in the following products:
  Red Hat JBoss Core Services
Via RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626