Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/openssl@1:1.1.1k-12?arch=el8_9
Typerpm
Namespaceredhat
Nameopenssl
Version1:1.1.1k-12
Qualifiers
arch el8_9
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-j3zk-dv2g-77cv
vulnerability_id VCID-j3zk-dv2g-77cv
summary php: potential exposure to Marvin attack via unsafe implementation of RSA decryption API
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2408.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2408.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2408
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.48874
published_at 2026-04-13T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.48844
published_at 2026-04-02T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.4887
published_at 2026-04-04T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.48824
published_at 2026-04-07T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.48878
published_at 2026-04-08T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.48875
published_at 2026-04-09T12:55:00Z
6
value 0.00255
scoring_system epss
scoring_elements 0.48891
published_at 2026-04-11T12:55:00Z
7
value 0.00255
scoring_system epss
scoring_elements 0.48865
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2408
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2270358
reference_id 2270358
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2270358
5
reference_url https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
reference_id GHSA-hh26-4ppw-5864
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:58:06Z/
url https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
reference_id PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:58:06Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
7
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
reference_id W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:58:06Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
fixed_packages
aliases CVE-2024-2408
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3zk-dv2g-77cv
1
url VCID-sn5k-3e59-7ba8
vulnerability_id VCID-sn5k-3e59-7ba8
summary 
Improper Check for Unusual or Exceptional Conditions
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_generate_key() to
generate an X9.42 DH key may experience long delays. Likewise, applications
that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.

While DH_check() performs all the necessary checks (as of CVE-2023-3817),
DH_check_pub_key() does not make any of these checks, and is therefore
vulnerable for excessively large P and Q parameters.

Likewise, while DH_generate_key() performs a check for an excessively large
P, it does not check for an excessively large Q.

An application that calls DH_generate_key() or DH_check_pub_key() and
supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.

DH_generate_key() and DH_check_pub_key() are also called by a number of
other OpenSSL functions. An application calling any of those other
functions may similarly be affected. The other functions affected by this
are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

Also vulnerable are the OpenSSL pkey command line application when using the
"-pubcheck" option, as well as the OpenSSL genpkey command line application.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5678.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5678.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5678
reference_id
reference_type
scores
0
value 0.00638
scoring_system epss
scoring_elements 0.70492
published_at 2026-04-13T12:55:00Z
1
value 0.00638
scoring_system epss
scoring_elements 0.70482
published_at 2026-04-08T12:55:00Z
2
value 0.00638
scoring_system epss
scoring_elements 0.70498
published_at 2026-04-09T12:55:00Z
3
value 0.00638
scoring_system epss
scoring_elements 0.70522
published_at 2026-04-11T12:55:00Z
4
value 0.00638
scoring_system epss
scoring_elements 0.70507
published_at 2026-04-12T12:55:00Z
5
value 0.00656
scoring_system epss
scoring_elements 0.7097
published_at 2026-04-04T12:55:00Z
6
value 0.00656
scoring_system epss
scoring_elements 0.70953
published_at 2026-04-02T12:55:00Z
7
value 0.00656
scoring_system epss
scoring_elements 0.70945
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5678
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
8
reference_url https://www.openssl.org/news/secadv/20231106.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://www.openssl.org/news/secadv/20231106.txt
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055473
reference_id 1055473
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055473
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2248616
reference_id 2248616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2248616
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5678
reference_id CVE-2023-5678
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5678
12
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
13
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
14
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
15
reference_url https://access.redhat.com/errata/RHSA-2024:1316
reference_id RHSA-2024:1316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1316
16
reference_url https://access.redhat.com/errata/RHSA-2024:1317
reference_id RHSA-2024:1317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1317
17
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
18
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
19
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
20
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
21
reference_url https://usn.ubuntu.com/6622-1/
reference_id USN-6622-1
reference_type
scores
url https://usn.ubuntu.com/6622-1/
22
reference_url https://usn.ubuntu.com/6632-1/
reference_id USN-6632-1
reference_type
scores
url https://usn.ubuntu.com/6632-1/
23
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
24
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-5678
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sn5k-3e59-7ba8
2
url VCID-vhkt-tbz6-wuf7
vulnerability_id VCID-vhkt-tbz6-wuf7
summary 
Inefficient Regular Expression Complexity
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.

However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulernable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3446
reference_id
reference_type
scores
0
value 0.00937
scoring_system epss
scoring_elements 0.76138
published_at 2026-04-02T12:55:00Z
1
value 0.00937
scoring_system epss
scoring_elements 0.76196
published_at 2026-04-13T12:55:00Z
2
value 0.00937
scoring_system epss
scoring_elements 0.76171
published_at 2026-04-04T12:55:00Z
3
value 0.00937
scoring_system epss
scoring_elements 0.76151
published_at 2026-04-07T12:55:00Z
4
value 0.00937
scoring_system epss
scoring_elements 0.76184
published_at 2026-04-08T12:55:00Z
5
value 0.00937
scoring_system epss
scoring_elements 0.76197
published_at 2026-04-09T12:55:00Z
6
value 0.00937
scoring_system epss
scoring_elements 0.76222
published_at 2026-04-11T12:55:00Z
7
value 0.00937
scoring_system epss
scoring_elements 0.76198
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3446
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
8
reference_url https://www.openssl.org/news/secadv/20230719.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://www.openssl.org/news/secadv/20230719.txt
9
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/4
10
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/5
11
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/6
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817
reference_id 1041817
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2224962
reference_id 2224962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2224962
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3446
reference_id CVE-2023-3446
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3446
15
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
16
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
17
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
18
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
19
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
20
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
21
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
22
reference_url https://access.redhat.com/errata/RHSA-2024:0408
reference_id RHSA-2024:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0408
23
reference_url https://access.redhat.com/errata/RHSA-2024:0888
reference_id RHSA-2024:0888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0888
24
reference_url https://access.redhat.com/errata/RHSA-2024:1415
reference_id RHSA-2024:1415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1415
25
reference_url https://access.redhat.com/errata/RHSA-2024:2264
reference_id RHSA-2024:2264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2264
26
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
27
reference_url https://usn.ubuntu.com/6435-1/
reference_id USN-6435-1
reference_type
scores
url https://usn.ubuntu.com/6435-1/
28
reference_url https://usn.ubuntu.com/6435-2/
reference_id USN-6435-2
reference_type
scores
url https://usn.ubuntu.com/6435-2/
29
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
30
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
31
reference_url https://usn.ubuntu.com/7018-1/
reference_id USN-7018-1
reference_type
scores
url https://usn.ubuntu.com/7018-1/
32
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-3446
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhkt-tbz6-wuf7
3
url VCID-xnhs-4v7t-p3hv
vulnerability_id VCID-xnhs-4v7t-p3hv
summary 
Excessive Iteration
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A correct q value,
if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the "-check" option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3817
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55026
published_at 2026-04-02T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.5507
published_at 2026-04-12T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55052
published_at 2026-04-13T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55028
published_at 2026-04-07T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55077
published_at 2026-04-08T12:55:00Z
5
value 0.0032
scoring_system epss
scoring_elements 0.55076
published_at 2026-04-09T12:55:00Z
6
value 0.0032
scoring_system epss
scoring_elements 0.55089
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
3
reference_url http://seclists.org/fulldisclosure/2023/Jul/43
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2023/Jul/43
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
9
reference_url https://www.openssl.org/news/secadv/20230731.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://www.openssl.org/news/secadv/20230731.txt
10
reference_url http://www.openwall.com/lists/oss-security/2023/07/31/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/31/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2227852
reference_id 2227852
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2227852
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3817
reference_id CVE-2023-3817
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3817
13
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
14
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
15
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
16
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
17
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
18
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
19
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
20
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
21
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
22
reference_url https://usn.ubuntu.com/6435-1/
reference_id USN-6435-1
reference_type
scores
url https://usn.ubuntu.com/6435-1/
23
reference_url https://usn.ubuntu.com/6435-2/
reference_id USN-6435-2
reference_type
scores
url https://usn.ubuntu.com/6435-2/
24
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
25
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
26
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-3817
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnhs-4v7t-p3hv
Fixing_vulnerabilities
Risk_score2.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1:1.1.1k-12%3Farch=el8_9