Test ID:	1.3.6.1.4.1.25623.1.0.170676
Category:	Denial of Service
Title:	OpenSSL DoS Vulnerability (20231106) - Windows
Summary:	OpenSSL is prone to a denial of service (DoS) vulnerability.
Description:	Summary: OpenSSL is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Vulnerability Impact: Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a denial of service. Affected Software/OS: OpenSSL versions 1.0.2, 1.1.1, 3.0 and 3.1. Solution: Update to version 1.0.2zj, 1.1.1x, 3.0.13, 3.1.5 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-5678 1.0.2zj git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 1.1.1x git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c 3.0.13 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 3.1.5 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 OpenSSL Advisory https://www.openssl.org/news/secadv/20231106.txt http://www.openwall.com/lists/oss-security/2024/03/11/1
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.