CVE-2023-5678: Denial of Service Vulnerability in Excessively Long X9.42 DH Key Generation and Checking Functions

A vulnerability has been discovered in the OpenSSL library that can lead to Denial of Service (DoS) attacks due to the excessively long X9.42 DH key generation and checking procedures. The functions DH_generate_key() and DH_check_pub_key(), along with several related OpenSSL functions, do not perform adequate checks for excessively large P and Q parameters, resulting in potential long delays.

Impact Summary

Applications using these functions with keys or parameters obtained from an untrusted source may experience a DoS attack. The OpenSSL pkey command line application and the OpenSSL genpkey command line application are also vulnerable. However, this vulnerability does not affect the OpenSSL SSL/TLS implementation or the OpenSSL 3. and 3.1 FIPS providers.

Exploit Details

An attacker can exploit this vulnerability by supplying an application with an excessively large X9.42 DH key or parameters from an untrusted source. The vulnerable functions, namely, DH_generate_key() and DH_check_pub_key(), do not perform the necessary checks for these large values, leading to long delays and potential DoS attacks.

For example, the code snippet below demonstrates a call to DH_generate_key() with an excessively large key, causing the function to take a long time to execute:

#include <openssl/dh.h>

int main() {
    DH *dh = DH_new();
    // Set up the DH object with excessively large P and Q
    ...

    // An attacker can cause a significant delay by calling DH_generate_key() with an excessively large key.
    DH_generate_key(dh);
}

Mitigation and Patch

Users should upgrade to the latest version of OpenSSL, which includes a patch for this vulnerability. This patch includes additional checks for excessively large P and Q parameters in the related functions.

Original References

- OpenSSL Security Advisory
- CVE-2023-5678
- GitHub Commit for Patch

Conclusion

CVE-2023-5678 represents a significant vulnerability in OpenSSL's handling of excessively long X9.42 DH keys and parameters, making it susceptible to potential Denial of Service attacks. Users should take note of this issue and upgrade their OpenSSL installations to the latest version, which includes the necessary patches to prevent exploitation of this vulnerability.

Timeline

Published on: 11/06/2023 16:15:42 UTC
Last modified on: 11/21/2023 16:54:10 UTC