Bug 1213853 (CVE-2023-3817)

Summary: VUL-0: CVE-2023-3817: openssl: Excessive time spent checking DH q parameter value
Product: [Novell Products] SUSE Security Incidents Reporter: Robert Frohl <rfrohl>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: meissner, pmonrealgonzalez, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/373803/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-3817:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2023-08-01 09:24:53 UTC 
CVE-2023-3817

Issue summary: Checking excessively long DH keys or parameters may be very
slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience
long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A correct q value,
if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL
functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the "-check" option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3817
https://www.cve.org/CVERecord?id=CVE-2023-3817
https://seclists.org/oss-sec/2023/q3/85
http://www.openwall.com/lists/oss-security/2023/07/31/1
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
https://www.openssl.org/news/secadv/20230731.txt
Comment 5 Pedro Monreal Gonzalez 2023-08-03 09:51:22 UTC 
Upstream added another related commit with tests for this change, here:
  * openssl 1.1.1v: https://github.com/openssl/openssl/commit/34d0f5cb
  * openssl 3.1.2:  https://github.com/openssl/openssl/commit/1478ffad

This change is not required but I have included it in the 1.1.1x versions. The tests are not included in the 3.1.x series as I found the commit after submitting 3.1.x. I can include them and re-submit if required.
Comment 8 Otto Hollmann 2023-08-08 14:52:01 UTC 
All affected codestreams were submitted:

> Codestream                   Package           Request
> -----------------------------------------------------------------------------------
> openSUSE:Factory             openssl (meta)    https://build.opensuse.org/request/show/1101935
> SUSE:ALP:Source:Standard:1.0 openssl (meta)    https://build.suse.de/request/show/304299
> -----------------------------------------------------------------------------------
> SUSE:ALP:Source:Standard:1.0 openssl-3         https://build.suse.de/request/show/304298
> SUSE:SLE-15-SP5:Update       openssl-3         https://build.suse.de/request/show/304289
> SUSE:SLE-15-SP4:Update       openssl-3         https://build.suse.de/request/show/304290
> openSUSE:Factory             openssl-3         https://build.opensuse.org/request/show/1101934
> -----------------------------------------------------------------------------------
> SUSE:ALP:Source:Standard:1.0 openssl-1_1       https://build.suse.de/request/show/304301
> SUSE:SLE-15-SP5:Update       openssl-1_1       https://build.suse.de/request/show/304337
> SUSE:SLE-15-SP4:Update       openssl-1_1       https://build.suse.de/request/show/304339
> SUSE:SLE-15-SP2:Update       openssl-1_1       https://build.suse.de/request/show/304544
> SUSE:SLE-15-SP1:Update       openssl-1_1       https://build.suse.de/request/show/304343
> SUSE:SLE-12-SP4:Update       openssl-1_1       https://build.suse.de/request/show/304344
> openSUSE:Factory             openssl-1_1       https://build.opensuse.org/request/show/1101937
> -----------------------------------------------------------------------------------
> SUSE:SLE-15:Update           openssl-1_0_0     https://build.suse.de/request/show/305001
> SUSE:SLE-12-SP4:Update       openssl-1_0_0     https://build.suse.de/request/show/305002
> SUSE:SLE-12-SP2:Update       openssl           https://build.suse.de/request/show/305003
> SUSE:SLE-11-SP3:Update       openssl1          not affected
> openSUSE:Factory             openssl-1_0_0     https://build.opensuse.org/request/show/1102939
> -----------------------------------------------------------------------------------
> SUSE:SLE-12:Update           compat-openssl098 not affected
> SUSE:SLE-11-SP1:Update       openssl           not affected

OpenSSL 1.0.1 and older are not affected. Additional checks (especially g^q == 1 mod p) that might trigger an overly long computation were introduced in 2011 by commit 07981709667191ae61595a6f40530ccc4e41386f.



(In reply to Pedro Monreal Gonzalez from comment #5)
> Upstream added another related commit with tests for this change, here:
>   * openssl 1.1.1v: https://github.com/openssl/openssl/commit/34d0f5cb
>   * openssl 3.1.2:  https://github.com/openssl/openssl/commit/1478ffad
> 
> This change is not required but I have included it in the 1.1.1x versions.
> The tests are not included in the 3.1.x series as I found the commit after
> submitting 3.1.x. I can include them and re-submit if required.

I added tests into our Devel project so it will be submitted with next CVE.

Assigning back to security team.
Comment 9 Maintenance Automation 2023-08-08 20:30:16 UTC 
SUSE-SU-2023:3244-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
openSUSE Leap 15.4 (src): openssl-3-3.0.8-150400.4.34.1
Basesystem Module 15-SP4 (src): openssl-3-3.0.8-150400.4.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2023-08-08 20:30:18 UTC 
SUSE-SU-2023:3243-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
openSUSE Leap 15.5 (src): openssl-3-3.0.8-150500.5.11.1
Basesystem Module 15-SP5 (src): openssl-3-3.0.8-150500.5.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Maintenance Automation 2023-08-08 20:30:20 UTC 
SUSE-SU-2023:3242-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
openSUSE Leap 15.5 (src): openssl-1_1-1.1.1l-150500.17.15.1
Basesystem Module 15-SP5 (src): openssl-1_1-1.1.1l-150500.17.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Maintenance Automation 2023-08-08 20:30:30 UTC 
SUSE-SU-2023:3239-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): openssl-1_1-1.1.1d-2.98.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): openssl-1_1-1.1.1d-2.98.1
SUSE Linux Enterprise Server 12 SP5 (src): openssl-1_1-1.1.1d-2.98.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): openssl-1_1-1.1.1d-2.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Maintenance Automation 2023-08-11 12:30:13 UTC 
SUSE-SU-2023:3291-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (moderate)
Bug References: 1213517, 1213853
CVE References: CVE-2023-3817
Sources used:
SUSE Manager Proxy 4.2 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Manager Retail Branch Server 4.2 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Manager Server 4.2 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise Micro 5.1 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise Micro 5.2 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): openssl-1_1-1.1.1d-150200.11.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Maintenance Automation 2023-08-14 12:30:01 UTC 
SUSE-SU-2023:3308-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): openssl-1.0.2j-60.104.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2023-08-17 12:30:13 UTC 
SUSE-SU-2023:3339-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): openssl-1_0_0-1.0.2p-3.84.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): openssl-1_0_0-1.0.2p-3.84.1
SUSE Linux Enterprise Server 12 SP5 (src): openssl-1_0_0-1.0.2p-3.84.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): openssl-1_0_0-1.0.2p-3.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Maintenance Automation 2023-08-17 12:30:15 UTC 
SUSE-SU-2023:3338-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
openSUSE Leap 15.4 (src): openssl-1_0_0-1.0.2p-150000.3.85.1
openSUSE Leap 15.5 (src): openssl-1_0_0-1.0.2p-150000.3.85.1
Legacy Module 15-SP4 (src): openssl-1_0_0-1.0.2p-150000.3.85.1
Legacy Module 15-SP5 (src): openssl-1_0_0-1.0.2p-150000.3.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Maintenance Automation 2023-08-23 20:30:26 UTC 
SUSE-SU-2023:3244-2: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
openSUSE Leap Micro 5.4 (src): openssl-3-3.0.8-150400.4.34.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): openssl-3-3.0.8-150400.4.34.1
SUSE Linux Enterprise Micro 5.3 (src): openssl-3-3.0.8-150400.4.34.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): openssl-3-3.0.8-150400.4.34.1
SUSE Linux Enterprise Micro 5.4 (src): openssl-3-3.0.8-150400.4.34.1
openSUSE Leap Micro 5.3 (src): openssl-3-3.0.8-150400.4.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Maintenance Automation 2023-08-23 20:30:28 UTC 
SUSE-SU-2023:3397-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (moderate)
Bug References: 1213517, 1213853
CVE References: CVE-2023-3817
Sources used:
openSUSE Leap 15.4 (src): openssl-1_1-1.1.1l-150400.7.53.1
openSUSE Leap Micro 5.3 (src): openssl-1_1-1.1.1l-150400.7.53.1
openSUSE Leap Micro 5.4 (src): openssl-1_1-1.1.1l-150400.7.53.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): openssl-1_1-1.1.1l-150400.7.53.1
SUSE Linux Enterprise Micro 5.3 (src): openssl-1_1-1.1.1l-150400.7.53.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): openssl-1_1-1.1.1l-150400.7.53.1
SUSE Linux Enterprise Micro 5.4 (src): openssl-1_1-1.1.1l-150400.7.53.1
Basesystem Module 15-SP4 (src): openssl-1_1-1.1.1l-150400.7.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Maintenance Automation 2023-10-04 08:32:05 UTC 
SUSE-SU-2023:3958-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213853
CVE References: CVE-2023-3817
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): openssl-1_1-1.1.0i-150100.14.65.6
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): openssl-1_1-1.1.0i-150100.14.65.6
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): openssl-1_1-1.1.0i-150100.14.65.6
SUSE CaaS Platform 4.0 (src): openssl-1_1-1.1.0i-150100.14.65.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Maintenance Automation 2023-10-04 12:30:09 UTC 
SUSE-SU-2023:3291-2: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (moderate)
Bug References: 1213517, 1213853
CVE References: CVE-2023-3817
Sources used:
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Enterprise Storage 7.1 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): openssl-1_1-1.1.1d-150200.11.75.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): openssl-1_1-1.1.1d-150200.11.75.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Maintenance Automation 2023-10-25 08:30:06 UTC 
SUSE-SU-2023:4190-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213853, 1216163
CVE References: CVE-2023-3817, CVE-2023-5363
Sources used:
openSUSE Leap 15.5 (src): openssl-3-3.0.8-150500.5.14.1
Basesystem Module 15-SP5 (src): openssl-3-3.0.8-150500.5.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Maintenance Automation 2023-10-25 08:30:08 UTC 
SUSE-SU-2023:4189-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213853, 1216163
CVE References: CVE-2023-3817, CVE-2023-5363
Sources used:
openSUSE Leap 15.4 (src): openssl-3-3.0.8-150400.4.37.1
openSUSE Leap Micro 5.3 (src): openssl-3-3.0.8-150400.4.37.1
openSUSE Leap Micro 5.4 (src): openssl-3-3.0.8-150400.4.37.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): openssl-3-3.0.8-150400.4.37.1
SUSE Linux Enterprise Micro 5.3 (src): openssl-3-3.0.8-150400.4.37.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): openssl-3-3.0.8-150400.4.37.1
SUSE Linux Enterprise Micro 5.4 (src): openssl-3-3.0.8-150400.4.37.1
Basesystem Module 15-SP4 (src): openssl-3-3.0.8-150400.4.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.