- changed status to resolved
[tnozaki-openssl] CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
Issue #350
resolved
Comments (1)
-
reporter - Log in to comment
BUGFIX: Issue
#350- CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter valuePatch referenced following pull request: https://github.com/openssl/openssl/pull/22518
Original commit message: We already check for an excessively large P in DH_generate_key(), but not in DH_check_pub_key(), and none of them check for an excessively large Q.
This change adds all the missing excessive size checks of P and Q.
Fixes CVE-2023-5678
→ <<cset de33fa1a91d6>>