
Commit

Add CHANGES.md and NEWS.md entry for CVE-2023-5678
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #22647)

(cherry picked from commit 4ee71b4)
t8m committed Nov 8, 2023
1 parent 78a584a commit 200688f
Showing 2 changed files with 17 additions and 2 deletions.
15 changes: 14 additions & 1 deletion CHANGES.md
Expand Up @@ -30,7 +30,19 @@ breaking changes, and mappings for the large list of deprecated functions.

### Changes between 3.0.12 and 3.0.13 [xx XXX xxxx]

* none yet
* Fix excessive time spent in DH check / generation with large Q parameter
value.

Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.

([CVE-2023-5678])

*Richard Levitte*

### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]
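
Review bot: The new CHANGES.md entry describes only the symptom (long delays in DH_generate_key(), DH_check_pub_key(), DH_check_pub_key_ex() and EVP_PKEY_public_check() with a large Q parameter) and does not say what changes for callers once the fix is in. Suggest adding one sentence on the new behaviour for an oversized Q, for example whether these calls now fail and how that is reported, so applications that handle X9.42 DH keys or parameters from untrusted sources know what to expect. Nit: "the functions DH_generate_key()" names a single function, so "the function DH_generate_key()" reads better, and a comma after "an untrusted source" would help the last sentence.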

Expand Down Expand Up @@ -19744,6 +19756,7 @@ ndif

<!-- Links -->

[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
4 changes: 3 additions & 1 deletion NEWS.md
Expand Up @@ -20,7 +20,8 @@ OpenSSL 3.0

### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [under development]

* none
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])

### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
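
Review bot: The NEWS.md summary "DH check / generation with large Q parameter value" does not say that only X9.42 DH keys and parameters are concerned, which the CHANGES.md entry in the same commit spells out. Suggest wording it as "X9.42 DH check / generation" so that readers who only see NEWS.md can tell whether they are affected.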

Expand Down Expand Up @@ -1462,6 +1463,7 @@ OpenSSL 0.9.x

<!-- Links -->

[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
