CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 44.7%)
openssl gitlab is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by tricking a user into processing a specially crafted DH key or parameter. The vulnerable application would then attempt to generate or check the DH key or parameter, which would consume excessive resources and cause the application to crash. This would prevent legitimate users from being able to use the application.
www.openwall.com/lists/oss-security/2024/03/11/1
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
security-tracker.debian.org/tracker/CVE-2023-5678
security.netapp.com/advisory/ntap-20231130-0010/
www.openssl.org/news/secadv/20231106.txt