Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCF1EDF95D3B985FAC38C91C3042D94388F2249DB9F4F549576AFC9BDABFCCF45
HistoryJan 23, 2024 - 4:15 a.m.

Security Bulletin: IBM Event Streams is affected by an openSSL Vulnerability - CVE-2023-3817

2024-01-2304:15:28
www.ibm.com
13
ibm event streams
openssl
vulnerability
cve-2023-3817
denial of service
upgrade

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

Summary

OpenSSL is an open-source command line tool to generate private keys, install your TLS certificates and identify cert information. This CVE-2023-3817 carries a risk of potential denial of service attack.

Vulnerability Details

CVEID:CVE-2023-3817
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Event Streams 10.0.0-11.3.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading

Upgrade to IBM Event Streams 11.3.1 by following the upgrading and migrating documentation.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmevent_streamsRange10.0.0
OR
ibmevent_streamsRange11.3.0

Related

cbl_mariner 6
openvas 59
freebsd 1
ibm 6
openssl 1
wolfi 1
redhatcve 1
cgr 1
veracode 1
cve 1
nessus 90
debiancve 2
osv 5
cvelist 2
slackware 1
amazon 6
ubuntu 2
f5 2
prion 2
nvd 1
redos 1
debian 1
alpinelinux 2
broadcom 1
ubuntucve 2
photon 1
cbl_mariner
cbl_mariner
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
2024-04-17 22:02:46
CVE-2023-3817 affecting package hvloader for versions less than 1.0.1-3
2024-06-06 19:53:22
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5
2024-07-03 03:08:31
openvas
openvas
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3244-2)
2024-03-04 00:00:00
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3397-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3958-1)
2023-10-05 00:00:00
freebsd
freebsd
OpenSSL -- Excessive time spent checking DH q parameter value
2023-07-31 00:00:00
ibm
ibm
Security Bulletin: openssl-src-111.26.0+1.1.1u.crate is vulnerable to CVE-2023-3817 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:15:22
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
2024-03-14 05:23:12
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL.
2023-11-29 10:14:17
openssl
openssl
Vulnerability in OpenSSL CVE-2023-3817
2023-07-31 00:00:00
wolfi
wolfi
CVE-2023-3817 vulnerabilities
2024-07-03 16:16:08
redhatcve
redhatcve
CVE-2023-3817
2023-08-01 08:19:37
cgr
cgr
CVE-2023-3817 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Denial Of Service (DoS)
2023-08-06 07:40:29
cve
cve
CVE-2023-5678
2023-11-06 16:15:42
nessus
nessus
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2024-1184)
2024-02-08 00:00:00
Ubuntu 20.04 LTS : OpenSSL vulnerabilities (USN-6435-2)
2023-10-25 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2023:4524-1)
2023-11-22 00:00:00
debiancve
debiancve
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
osv
osv
CVE-2023-5678
2023-11-06 16:15:42
openssl vulnerabilities
2023-10-25 12:40:20
openssl vulnerabilities
2023-10-18 19:51:24
cvelist
cvelist
CVE-2023-3817 Excessive time spent checking DH q parameter value
2023-07-31 15:34:13
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
2023-11-06 15:47:30
slackware
slackware
[slackware-security] openssl
2023-08-02 17:08:29
amazon
amazon
Medium: edk2
2023-08-17 11:58:00
Medium: openssl
2023-09-27 22:15:00
Medium: openssl11
2023-08-31 22:28:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2023-10-18 00:00:00
OpenSSL vulnerabilities
2023-10-25 00:00:00
f5
f5
K000138242 : OpenSSL vulnerability CVE-2023-5678
2024-01-17 00:00:00
K000137969 : OpenSSL vulnerability CVE-2023-3817
2023-12-19 00:00:00
prion
prion
Design/Logic Flaw
2023-11-06 16:15:00
Design/Logic Flaw
2023-07-31 16:15:00
nvd
nvd
CVE-2023-3817
2023-07-31 16:15:10
redos
redos
ROS-20230907-04
2023-09-07 00:00:00
debian
debian
[SECURITY] [DLA 3530-1] openssl security update
2023-08-16 05:56:34
alpinelinux
alpinelinux
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
broadcom
broadcom
Excessive time spent checking DH q parameter value (CVE-2023-3817)
2024-04-16 00:00:00
ubuntucve
ubuntucve
CVE-2023-3817
2023-07-31 00:00:00
CVE-2023-5678
2023-11-06 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0640
2023-08-25 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON
Related for CF1EDF95D3B985FAC38C91C3042D94388F2249DB9F4F549576AFC9BDABFCCF45
cbl_mariner6openvas59freebsd1ibm6openssl1wolfi1redhatcve1cgr1veracode1cve1nessus90debiancve2osv5cvelist2slackware1amazon6ubuntu2f52prion2nvd1redos1debian1alpinelinux2broadcom1ubuntucve2photon1