Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9088 advisory.

    - Resolves: RHEL-55336       (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.5])
    - Resolves: RHEL-21653       (CVE-2023-6237 edk2: openssl: Excessive time spent checking invalid RSA public keys [rhel-9])
    - Resolves: RHEL-21150       (CVE-2023-6129 edk2: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC)
    - Resolves: RHEL-22490       (CVE-2024-0727 edk2: openssl: denial of service via null dereference [rhel-9])

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9cc95d56ce advisory.

    Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9088 advisory.

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package     contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    * mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)

    * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

    * openssl: denial of service via null dereference (CVE-2024-0727)

    * edk2: Temporary DoS vulnerability (CVE-2024-1298)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-45df72afc6 advisory.

    Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of hvloader / cloud-hypervisor-cvm / nodejs / openssl / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6237 advisory.

  - Issue summary: Checking excessively long invalid RSA public keys May take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys May experience long     delays. Where the key that is being checked has been obtained from an untrusted source this May lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2447 advisory.

    - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)       Resolves: RHEL-21151
    - Excessive time spent checking invalid RSA public keys (CVE-2023-6237)       Resolves: RHEL-21654

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7149584 advisory.

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2447 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data     entries (CVE-2023-2975)

    * openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)

    * OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)

    * openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow (CVE-2023-5678)

    * openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)

    * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

    * openssl: denial of service via null dereference (CVE-2024-0727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-520 advisory.

    A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a     computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product     of two or more large primes and this computation completes quickly. However, if n is a large prime, this     computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key     obtained from an untrusted source could be vulnerable to a Denial of Service attack. (CVE-2023-6237)

    Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of     Service attack

    The package openssl098e is provided purely for binary compatibility with older Amazon Linux versions. It     does not receive security updates. (CVE-2024-0727)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0518-1 advisory.

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.0.13 (Affected since 3.0.0). (CVE-2023-6237)

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6622-1 advisory.

    David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote     attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of     service. (CVE-2023-5678)

    Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1304 MAC on the PowerPC architecture. A     remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or     possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.
    (CVE-2023-6129)

    It was discovered that OpenSSL incorrectly handled excessively long RSA public keys. A remote attacker     could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This     issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-6237)

    Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote     attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
    (CVE-2024-0727)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 10dee731-c069-11ee-9190-84a93843eb75 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.0.13 (Affected since 3.0.0). (CVE-2023-6237)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0172-1 advisory.

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the
    -pubin' and -check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.2.1 (Affected since 3.2.0). (CVE-2023-6237)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.1 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.1.5 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to     generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(),     DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may     experience long delays. Where the key or parameters that are being checked have been obtained from an     untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks     (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable     for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an     excessively large P, it doesn't check for an excessively large Q. An application that calls     DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source     could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_pub_key_ex(),     EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line     application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.
    The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers     are not affected by this issue. (CVE-2023-5678)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.0.13. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.13 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to     generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(),     DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may     experience long delays. Where the key or parameters that are being checked have been obtained from an     untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks     (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable     for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an     excessively large P, it doesn't check for an excessively large Q. An application that calls     DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source     could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_pub_key_ex(),     EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line     application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.
    The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers     are not affected by this issue. (CVE-2023-5678)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
211549	Oracle Linux 9 : edk2 (ELSA-2024-9088)	Nessus	Oracle Linux Local Security Checks	medium
211290	Fedora 41 : edk2 (2024-9cc95d56ce)	Nessus	Fedora Local Security Checks	medium
210835	RHEL 9 : edk2 (RHSA-2024:9088)	Nessus	Red Hat Local Security Checks	medium
209841	Fedora 40 : edk2 (2024-45df72afc6)	Nessus	Fedora Local Security Checks	medium
201734	CBL Mariner 2.0 Security Update: hvloader / cloud-hypervisor-cvm / nodejs / openssl / nodejs18 (CVE-2023-6237)	Nessus	MarinerOS Local Security Checks	medium
195055	Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-2447)	Nessus	Oracle Linux Local Security Checks	critical
194849	IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 <= 9.3.0.17 (7149584)	Nessus	Misc.	medium
194809	RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:2447)	Nessus	Red Hat Local Security Checks	critical
190742	Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-520)	Nessus	Amazon Linux Local Security Checks	medium
190658	SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2024:0518-1)	Nessus	SuSE Local Security Checks	medium
189992	Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenSSL vulnerabilities (USN-6622-1)	Nessus	Ubuntu Local Security Checks	medium
189902	FreeBSD : OpenSSL -- Multiple vulnerabilities (10dee731-c069-11ee-9190-84a93843eb75)	Nessus	FreeBSD Local Security Checks	medium
189308	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:0172-1)	Nessus	SuSE Local Security Checks	medium
187783	OpenSSL 3.2.0 < 3.2.1 Multiple Vulnerabilities	Nessus	Web Servers	medium
185161	OpenSSL 3.1.0 < 3.1.5 Multiple Vulnerabilities	Nessus	Web Servers	medium
185160	OpenSSL 3.0.0 < 3.0.13 Multiple Vulnerabilities	Nessus	Web Servers	medium

Detections

Analytics

CVE-2023-6237

medium

Tenable Plugins

medium

medium

medium

medium

medium

critical

medium

critical

medium

medium

medium

medium

medium

medium

medium

medium