tnozaki / NetBSD / issues / #350 - [tnozaki-openssl] CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value — Bitbucket

Issue #350 resolved

Takehiko NOZAKI repo owner created an issue 2023-12-14

see https://www.openssl.org/news/secadv/20231106.txt

Comments (1)

Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#350~~ - CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value

Patch referenced following pull request: https://github.com/openssl/openssl/pull/22518

Original commit message: We already check for an excessively large P in DH_generate_key(), but not in DH_check_pub_key(), and none of them check for an excessively large Q.

This change adds all the missing excessive size checks of P and Q.

Fixes CVE-2023-5678

→ <<cset de33fa1a91d6>>
- 2023-12-17T02:58:26+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1