CVE-2023-3446 - Excessively Long DH Keys May Lead to Denial of Service Attacks

CVE-2023-3446 addresses a vulnerability in OpenSSL where applications that check Diffie-Hellman (DH) keys or parameters using the functions DH_check(), DH_check_ex(), or EVP_PKEY_param_check() may experience long delays. In cases where these keys or parameters are obtained from untrusted sources, this can potentially lead to a Denial of Service (DoS) attack.

Details

The OpenSSL function DH_check() checks numerous aspects of DH keys or parameters provided. One of its checks involves confirming that the modulus ('p' parameter) is not too large, as trying to use a very large modulus takes a long time. Typically, OpenSSL does not use a modulus larger than 10,000 bits.

However, the DH_check() function continues to perform other checks using the supplied modulus value, even if it is already found to be too large. This can potentially result in a DoS vulnerability when an application calls the DH_check() function with a key or parameters obtained from an untrusted source.

The functions DH_check_ex() and EVP_PKEY_param_check() are also affected by this vulnerability. Additionally, OpenSSL command line applications dhparam and pkeyparam are susceptible when used with the '-check' option.

The OpenSSL SSL/TLS implementation and OpenSSL FIPS (Federal Information Processing Standards) providers (versions 3. and 3.1) are not affected by this issue.

Exploit and Mitigation

An example of a maliciously crafted DH key or parameter can be found in this GitHub Gist. It demonstrates how an excessively long 'p' parameter can be added to a key or parameter set, causing a delay when one of the affected functions is called.

To mitigate this vulnerability, it is recommended to update your OpenSSL installation to the latest version, which includes a fix for this issue. Relevant patches and information can be found in the OpenSSL GitHub Repository.

When handling DH keys or parameters from untrusted sources, developers should also consider implementing additional validation checks or timeouts to prevent potential DoS attacks.

References

- CVE-2023-3446 Announcement and Details
- OpenSSL GitHub Commit for the Fix
- GitHub Gist Demonstrating Malicious DH Key/Parameter
- OpenSSL.org Security Advisory

Timeline

Published on: 07/19/2023 12:15:10 UTC
Last modified on: 10/03/2023 15:48:00 UTC