CVE-2023-3446: CWE-606 Unchecked Input for Loop Condition in OpenSSL
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
AI Analysis
Technical Summary
CVE-2023-3446 is a medium-severity vulnerability in OpenSSL versions 1.0.2, 1.1.1, 3.0.0, and 3.1.0 related to unchecked input for loop conditions (CWE-606). The issue arises in the Diffie-Hellman (DH) parameter validation functions DH_check(), DH_check_ex(), and EVP_PKEY_param_check(). These functions perform various checks on DH keys or parameters, including verifying the size of the modulus ('p' parameter). Normally, OpenSSL limits the modulus size to 10,000 bits to avoid performance degradation. However, even when the modulus is excessively large, some checks continue to process the input, leading to very slow execution times. When these functions are called with DH parameters obtained from untrusted sources, an attacker can supply specially crafted large parameters that cause the functions to consume excessive CPU resources, resulting in a Denial of Service (DoS) condition. This vulnerability affects applications that directly invoke these functions or indirectly call them through other OpenSSL APIs. Additionally, the OpenSSL command-line utilities dhparam and pkeyparam are vulnerable when using the '-check' option. Importantly, the OpenSSL SSL/TLS implementation and the OpenSSL 3.0 and 3.1 FIPS providers are not affected. The vulnerability does not require authentication or user interaction and can be exploited remotely over the network if the application accepts untrusted DH parameters. The CVSS v3.1 base score is 5.3 (medium), reflecting a network attack vector with low complexity and no privileges or user interaction required, impacting availability only without confidentiality or integrity loss. No known exploits are reported in the wild at this time.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to applications and services that perform DH parameter validation using vulnerable OpenSSL versions and accept DH parameters from untrusted or external sources. The impact is a potential Denial of Service, where attackers can cause high CPU usage and service degradation or outages by submitting maliciously crafted DH parameters. This can disrupt critical services relying on cryptographic operations, such as VPN gateways, secure messaging platforms, or custom cryptographic applications. Since the vulnerability does not affect the core OpenSSL SSL/TLS implementation, standard HTTPS and TLS connections are not directly impacted. However, organizations using OpenSSL command-line tools for DH parameter generation or validation in automated workflows may also experience operational delays or failures. The DoS impact could affect availability of security-critical infrastructure, potentially leading to downtime or degraded performance. This is particularly relevant for sectors with high reliance on cryptographic operations, including finance, government, telecommunications, and critical infrastructure in Europe. Given the medium severity and lack of known exploits, the immediate risk is moderate but warrants timely patching to prevent exploitation as attackers may develop exploits in the future.
Mitigation Recommendations
1. Upgrade OpenSSL to the latest patched versions beyond 3.1.0, 3.0.0, 1.1.1, and 1.0.2 where this vulnerability is fixed.
2. Audit applications and services to identify any use of DH_check(), DH_check_ex(), EVP_PKEY_param_check(), or the OpenSSL dhparam and pkeyparam command-line tools with the '-check' option, especially when processing untrusted input.
3. Implement input validation and size restrictions on DH parameters before passing them to OpenSSL functions to reject excessively large or malformed parameters proactively.
4. Where possible, restrict or sanitize external inputs that provide DH parameters, limiting exposure to untrusted sources.
5. Monitor CPU usage and application logs for unusual spikes or delays during cryptographic parameter validation to detect potential exploitation attempts.
6. For automated workflows using OpenSSL command-line tools, introduce timeouts or resource limits to prevent prolonged execution caused by malicious inputs.
7. Consider deploying Web Application Firewalls (WAFs) or network filtering to block suspicious traffic patterns that might attempt to exploit this vulnerability.
8. Review cryptographic usage policies to minimize reliance on DH parameter validation from untrusted sources, favoring standardized or pre-validated parameters where feasible.
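The following is an added example of recommendation 3 above (a size gate in front of the vulnerable check), not code from OpenSSL or from this advisory. It parses the PKCS#3 DHParameter DER structure (SEQUENCE of prime, base and an optional privateValueLength INTEGER) with a minimal DER reader and rejects any blob whose modulus exceeds the 10,000-bit limit the advisory cites, so an oversized parameter set from an untrusted source never reaches DH_check(), EVP_PKEY_param_check() or "openssl dhparam -check". The 4096-byte whole-blob cap, the function names and the sample moduli (non-prime stand-ins chosen only for their bit length) are assumptions made for this example; the cost of the gate is linear in the blob length, so a huge modulus costs one comparison here rather than repeated big-number work inside DH_check().

```python
"""Size gate for DER DH parameters before they reach OpenSSL's DH_check().

Added example, not OpenSSL code. Rejects malformed DER and any modulus over
MAX_MODULUS_BITS before the blob is handed to OpenSSL for the real checks.
"""

MAX_MODULUS_BITS = 10000   # upper bound the advisory cites for OpenSSL's usable modulus
MAX_BLOB_BYTES = 4096      # assumption for this example: cap on the whole DER blob


class DHParamError(ValueError):
    """Raised when the blob is malformed or fails a size/sanity check."""


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos:]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DHParamError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                        # short-form length
        length = first
    else:                                   # long-form length, 1..4 length bytes
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise DHParamError("bad DER length encoding")
        raw = buf[pos:pos + nbytes]
        pos += nbytes
        length = int.from_bytes(raw, "big")
        if raw[0] == 0 or length < 0x80:    # DER requires the minimal length form
            raise DHParamError("non-minimal DER length")
    end = pos + length
    if end > len(buf):
        raise DHParamError("DER value runs past end of buffer")
    return tag, buf[pos:end], end


def _der_int(value):
    """Decode a DER INTEGER body, insisting on minimal encoding."""
    if not value:
        raise DHParamError("empty INTEGER")
    if len(value) > 1 and value[0] == 0x00 and not (value[1] & 0x80):
        raise DHParamError("non-minimal INTEGER")
    return int.from_bytes(value, "big", signed=True)


def parse_dh_params(der, max_bits=MAX_MODULUS_BITS):
    """Return (p, g) from a DER DHParameter, or raise DHParamError.

    The bit-length test runs before anything does arithmetic on p, which is
    the whole point of gating in front of DH_check().
    """
    if len(der) > MAX_BLOB_BYTES:
        raise DHParamError("DER blob exceeds %d bytes" % MAX_BLOB_BYTES)
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30:
        raise DHParamError("expected SEQUENCE")
    if end != len(der):
        raise DHParamError("trailing data after SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = _read_tlv(body, pos)
        if t != 0x02:
            raise DHParamError("expected INTEGER inside DHParameter")
        fields.append(_der_int(v))
    if len(fields) not in (2, 3):
        raise DHParamError("DHParameter needs 2 or 3 INTEGERs, got %d" % len(fields))
    p, g = fields[0], fields[1]
    if p <= 0:
        raise DHParamError("modulus must be positive")
    if p.bit_length() > max_bits:
        raise DHParamError("modulus rejected: %d bits exceeds limit of %d"
                           % (p.bit_length(), max_bits))
    if not 1 < g < p:
        raise DHParamError("generator out of range")
    return p, g


def encode_dh_params(p, g):
    """Build a DER DHParameter; used here only to construct sample inputs."""
    def der_len(n):
        if n < 0x80:
            return bytes([n])
        nb = (n.bit_length() + 7) // 8
        return bytes([0x80 | nb]) + n.to_bytes(nb, "big")

    def der_int(n):
        body = n.to_bytes((n.bit_length() + 8) // 8, "big")  # minimal, positive
        return b"\x02" + der_len(len(body)) + body

    body = der_int(p) + der_int(g)
    return b"\x30" + der_len(len(body)) + body


def gate(der):
    """Return (accepted, detail): detail is (p_bits, g) or the rejection reason."""
    try:
        p, g = parse_dh_params(der)
    except DHParamError as exc:
        return False, str(exc)
    return True, (p.bit_length(), g)


if __name__ == "__main__":
    # Constructed samples: the moduli are not primes, only size stand-ins.
    ok_blob = encode_dh_params((1 << 9999) | 1, 2)     # exactly 10,000 bits
    big_blob = encode_dh_params((1 << 10000) | 1, 2)   # 10,001 bits: rejected
    print(gate(ok_blob))
    print(gate(big_blob))
```

Only blobs that pass gate() should be written out for "openssl dhparam -check" or loaded through the library; anything rejected is logged and dropped, which also gives recommendation 5 a concrete event to count.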
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: openssl
- Date Reserved: 2023-06-28T14:21:39.968Z
- Cisa Enriched: true
Threat ID: 682d9846c4522896dcbf504d
Added to database: 5/21/2025, 9:09:26 AM
Last enriched: 6/22/2025, 10:50:07 AM
Last updated: 8/12/2025, 7:57:42 PM