CVE-2023-3817 - OpenSSL Vulnerability: Excessively Long DH Key Checks May Lead to Denial of Service Attacks

The OpenSSL project has identified a vulnerability (CVE-2023-3817) that affects applications using functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check Diffie Hellman (DH) keys or DH parameters. Applications vulnerable to this issue may experience long delays when checking excessively long DH keys or parameters, which can potentially lead to Denial of Service (DoS) attacks when the key or parameters are obtained from an untrusted source.

After fixing the earlier vulnerability CVE-2023-3446, it was discovered that a large q parameter value can trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, so it is unnecessary to perform these checks if q is larger than p.

To better understand the impact and affected functions, let's take a closer look at the cause of this vulnerability and the recommended steps to mitigate this issue.

Exploit Details

Consider an application using the DH_check() function and supplying a key or parameters obtained from an untrusted source:

#include <openssl/dh.h>

DH *dh;
int codes;

// [...]

DH_check(dh, &codes);

An attacker could exploit this vulnerability by providing excessively large DH keys or DH parameters to the target application, which could result in a Denial of Service attack due to extended computation times.

DH_check() is called by other OpenSSL functions, which means an application calling any of those other functions may be similarly affected. The other functions impacted by this vulnerability are DH_check_ex() and EVP_PKEY_param_check().

The OpenSSL dhparam and pkeyparam command line applications are also vulnerable when using the "-check" option.

It's important to note that OpenSSL's SSL/TLS implementations are not affected by this issue, nor are OpenSSL 3. and 3.1 FIPS providers.

If possible, do not use untrusted DH keys or parameters with vulnerable functions.

3. Monitor application logs to detect any unexpected delays or activities that could indicate an attempted attack exploiting this vulnerability.

For more information about this vulnerability and its impact, refer to the original references

- OpenSSL Security Advisory
- CVE-2023-3817

In conclusion, CVE-2023-3817 is a critical vulnerability that could result in Denial of Service attacks for affected applications. It is crucial to take timely action, apply patches, and follow best practices to guard against this threat. Stay diligent and keep an eye out for updates from the OpenSSL project to ensure your applications and systems remain secure.

Timeline

Published on: 07/31/2023 16:15:00 UTC
Last modified on: 08/18/2023 14:15:00 UTC