Search for vulnerabilities
Vulnerability details: VCID-2rtj-nbth-aaam
Vulnerability ID VCID-2rtj-nbth-aaam
Aliases CVE-2023-3817
Summary Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Status Published
Exploitability 0.5
Weighted Severity 7.1
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-834 Excessive Iteration
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-606 Unchecked Input for Loop Condition
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
epss 0.19539 https://api.first.org/data/v1/epss?cve=CVE-2023-3817
cvssv3.1 8.8 http://seclists.org/fulldisclosure/2023/Jul/43
generic_textual HIGH http://seclists.org/fulldisclosure/2023/Jul/43
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
cvssv3.1 5.3 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
cvssv3.1 5.3 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
cvssv3.1 5.3 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-3817
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-3817
cvssv3.1 5.3 https://www.openssl.org/news/secadv/20230731.txt
generic_textual LOW https://www.openssl.org/news/secadv/20230731.txt
ssvc Track https://www.openssl.org/news/secadv/20230731.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
https://api.first.org/data/v1/epss?cve=CVE-2023-3817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
http://seclists.org/fulldisclosure/2023/Jul/43
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html
https://security.netapp.com/advisory/ntap-20230818-0014/
https://security.netapp.com/advisory/ntap-20231027-0008/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.openssl.org/news/secadv/20230731.txt
http://www.openwall.com/lists/oss-security/2023/07/31/1
http://www.openwall.com/lists/oss-security/2023/09/22/11
http://www.openwall.com/lists/oss-security/2023/09/22/9
http://www.openwall.com/lists/oss-security/2023/11/06/2
2227852 https://bugzilla.redhat.com/show_bug.cgi?id=2227852
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2zc:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2zc:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2zd:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2zd:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2ze:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2ze:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2zf:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2zf:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2zg:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2zg:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2zh:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2zh:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1r:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1s:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1t:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1u:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.1u:*:*:*:*:*:*:*
CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817
GLSA-202402-08 https://security.gentoo.org/glsa/202402-08
RHSA-2023:5931 https://access.redhat.com/errata/RHSA-2023:5931
RHSA-2023:7622 https://access.redhat.com/errata/RHSA-2023:7622
RHSA-2023:7623 https://access.redhat.com/errata/RHSA-2023:7623
RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625
RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626
RHSA-2023:7877 https://access.redhat.com/errata/RHSA-2023:7877
RHSA-2024:0154 https://access.redhat.com/errata/RHSA-2024:0154
RHSA-2024:0208 https://access.redhat.com/errata/RHSA-2024:0208
RHSA-2024:2447 https://access.redhat.com/errata/RHSA-2024:2447
USN-6435-1 https://usn.ubuntu.com/6435-1/
USN-6435-2 https://usn.ubuntu.com/6435-2/
USN-6450-1 https://usn.ubuntu.com/6450-1/
USN-6709-1 https://usn.ubuntu.com/6709-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2023/Jul/43
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3817
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3817
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://www.openssl.org/news/secadv/20230731.txt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/ Found at https://www.openssl.org/news/secadv/20230731.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.46498
EPSS Score 0.00116
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.