Bug 2258502 (CVE-2023-6237) - CVE-2023-6237 openssl: Excessive time spent checking invalid RSA public keys
Summary: CVE-2023-6237 openssl: Excessive time spent checking invalid RSA public keys
Keywords:
Status: NEW
Alias: CVE-2023-6237
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2258506 2258507 2258508 2258505
Blocks: 2258503
TreeView+ depends on / blocked
 
Reported: 2024-01-15 18:04 UTC by Mauro Matteo Cascella
Modified: 2024-04-30 10:52 UTC (History)
34 users (show)

Fixed In Version: openssl 3.0.13, openssl 3.1.5, openssl 3.2.1
Doc Type: ---
Doc Text:
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2447 0 None None None 2024-04-30 10:52:23 UTC

Description Mauro Matteo Cascella 2024-01-15 18:04:44 UTC 
Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0 are vulnerable to this issue. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.

References:
https://www.openssl.org/news/secadv/20240115.txt
https://www.openwall.com/lists/oss-security/2024/01/15/2

Upstream fix:
https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a (3.0.13)
https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294 (3.1.5)
https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d (3.2.1)
Comment 1 Mauro Matteo Cascella 2024-01-15 18:21:01 UTC 
Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2258506]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 2258507]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2258508]


Created openssl3 tracking bugs for this issue:

Affects: epel-all [bug 2258505]
Comment 6 errata-xmlrpc 2024-04-30 10:52:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2447 https://access.redhat.com/errata/RHSA-2024:2447
Note You need to log in before you can comment on or make changes to this bug.