Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

The version of cloud-hypervisor-cvm / nodejs18 / openssl / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6237 advisory.

  - Issue summary: Checking excessively long invalid RSA public keys May take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys May experience long     delays. Where the key that is being checked has been obtained from an untrusted source this May lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2447 advisory.

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated     data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV     algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding     or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently     unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated     data entries along with the encryption. To authenticate empty data the application has to call     EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input     buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of     performing the associated data authentication operation. The empty data thus will not be authenticated. As     this issue does not affect non-empty associated data authentication and we expect it to be rare for an     application to use empty associated data entries this is qualified as Low severity issue. (CVE-2023-2975)

  - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to     generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(),     DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may     experience long delays. Where the key or parameters that are being checked have been obtained from an     untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks     (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable     for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an     excessively large P, it doesn't check for an excessively large Q. An application that calls     DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source     could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_pub_key_ex(),     EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line     application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.
    The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers     are not affected by this issue. (CVE-2023-5678)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too     large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is     over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or     parameters that have been supplied. Some of those checks use the supplied modulus value even if it has     already been found to be too large. An application that calls DH_check() and supplies a key or parameters     obtained from an untrusted source could be vulernable to a Denial of Service attack. The function     DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those     other functions may similarly be affected. The other functions affected by this are DH_check_ex() and     EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications     when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The     OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. (CVE-2023-3446)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7149584 advisory.

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2447 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data     entries (CVE-2023-2975)

    * openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)

    * OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)

    * openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow (CVE-2023-5678)

    * openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)

    * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

    * openssl: denial of service via null dereference (CVE-2024-0727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-520 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.0.13 (Affected since 3.0.0). (CVE-2023-6237)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0518-1 advisory.

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.0.13 (Affected since 3.0.0). (CVE-2023-6237)

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6622-1 advisory.

  - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to     generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(),     DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may     experience long delays. Where the key or parameters that are being checked have been obtained from an     untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks     (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable     for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an     excessively large P, it doesn't check for an excessively large Q. An application that calls     DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source     could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_pub_key_ex(),     EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line     application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.
    The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers     are not affected by this issue. (CVE-2023-5678)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.0.13 (Affected since 3.0.0). (CVE-2023-6237)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 10dee731-c069-11ee-9190-84a93843eb75 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.0.13 (Affected since 3.0.0). (CVE-2023-6237)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0172-1 advisory.

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the
    -pubin' and -check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. Found by OSS-Fuzz. Fix     developed by Tomas Mraz. Fixed in OpenSSL 3.2.1 (Affected since 3.2.0). (CVE-2023-6237)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.1 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.1.5 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to     generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(),     DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may     experience long delays. Where the key or parameters that are being checked have been obtained from an     untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks     (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable     for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an     excessively large P, it doesn't check for an excessively large Q. An application that calls     DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source     could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_pub_key_ex(),     EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line     application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.
    The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers     are not affected by this issue. (CVE-2023-5678)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.0.13. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.13 advisory.

  - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a     potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from     untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and     may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL     does not correctly check for this case. This can lead to a NULL pointer dereference that results in     OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs     then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are:
    PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and     PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function     is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and     3.0 are not affected by this issue. (CVE-2024-0727)

  - Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary:
    Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long     delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a     Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is     done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more     large primes and this computation completes quickly. However, if n is an overly large prime, then this     computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA     key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function     EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL     pkey command line application. For that reason that application is also vulnerable if used with the     '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by     this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue. (CVE-2023-6237)

  - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might     corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides     vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is     used, the application state might be corrupted with various application dependent consequences. The     POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the     contents of vector registers in a different order than they are saved. Thus the contents of some of these     vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer     PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal     application state corruption can be various - from no consequences, if the calling application does not     depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker     could get complete control of the application process. However unless the compiler uses the vector     registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some     application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm     is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated     data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If     this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used.
    This implies that TLS server applications using OpenSSL can be potentially impacted. However we are     currently not aware of any concrete application that would be affected by this issue therefore we consider     this a Low severity security issue. (CVE-2023-6129)

  - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to     generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(),     DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may     experience long delays. Where the key or parameters that are being checked have been obtained from an     untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks     (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable     for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an     excessively large P, it doesn't check for an excessively large Q. An application that calls     DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source     could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_pub_key_ex(),     EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line     application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.
    The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers     are not affected by this issue. (CVE-2023-5678)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
201734	CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / nodejs18 / openssl / nodejs (CVE-2023-6237)	Nessus	MarinerOS Local Security Checks	medium
195055	Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-2447)	Nessus	Oracle Linux Local Security Checks	medium
194849	IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 <= 9.3.0.17 (7149584)	Nessus	Misc.	medium
194809	RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:2447)	Nessus	Red Hat Local Security Checks	medium
190742	Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-520)	Nessus	Amazon Linux Local Security Checks	medium
190658	SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2024:0518-1)	Nessus	SuSE Local Security Checks	medium
189992	Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenSSL vulnerabilities (USN-6622-1)	Nessus	Ubuntu Local Security Checks	medium
189902	FreeBSD : OpenSSL -- Multiple vulnerabilities (10dee731-c069-11ee-9190-84a93843eb75)	Nessus	FreeBSD Local Security Checks	medium
189308	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:0172-1)	Nessus	SuSE Local Security Checks	medium
187783	OpenSSL 3.2.0 < 3.2.1 Multiple Vulnerabilities	Nessus	Web Servers	medium
185161	OpenSSL 3.1.0 < 3.1.5 Multiple Vulnerabilities	Nessus	Web Servers	medium
185160	OpenSSL 3.0.0 < 3.0.13 Multiple Vulnerabilities	Nessus	Web Servers	medium

Detections

Analytics

CVE-2023-6237

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium