{"url":"http://public2.vulnerablecode.io/api/packages/66375?format=json","purl":"pkg:conan/openssl@1.0.2zf","type":"conan","namespace":"","name":"openssl","version":"1.0.2zf","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.1.0l","latest_non_vulnerable_version":"3.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45761?format=json","vulnerability_id":"VCID-w1qj-n768-hbar","summary":"Excessive Iteration\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.","references":[{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/43","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2023/Jul/43"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"},{"reference_url":"https://www.openssl.org/news/secadv/20230731.txt","reference_id":"","reference_type":"","scores":[],"url":"https://www.openssl.org/news/secadv/20230731.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/07/31/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2023/07/31/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3817","reference_id":"CVE-2023-3817","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3817"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63866?format=json","purl":"pkg:conan/openssl@1.1.1w","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1w"},{"url":"http://public2.vulnerablecode.io/api/packages/63867?format=json","purl":"pkg:conan/openssl@3.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nx5k-32hq-yuh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/64354?format=json","purl":"pkg:conan/openssl@3.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3"}],"aliases":["CVE-2023-3817"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1qj-n768-hbar"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2zf"}