CVE & CISA-KEV Catalog

CVE-2023-6237

Severity: MEDIUM (CVSS v3 base score 5.9, NVD)
EPSS: 81st percentile

Description

Issue summary: Checking excessively long invalid RSA public keys may take a long time.

Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source, this may lead to a Denial of Service.

When the function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The function EVP_PKEY_public_check() is not called from other OpenSSL functions; however, it is called from the OpenSSL pkey command line application. For that reason, that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data.

The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

How to fix

Remediation Available

Package                            Distribution            Fixed in                                                        Advisory
---------------------------------  ----------------------  --------------------------------------------------------------  --------------
openssl                            Debian                  3.0.13-1~deb12u1; 3.1.5-1                                       CVE-2023-6237
edk2                               Red Hat / RHEL, Rocky   0:20240524-6.el9_5                                              RHSA-2024:9088
edk2-aarch64                       Red Hat / RHEL, Rocky   0:20240524-6.el9_5                                              RHSA-2024:9088
edk2-debugsource                   Red Hat / RHEL, Rocky   0:20240524-6.el9_5                                              RHSA-2024:9088
edk2-ovmf                          Red Hat / RHEL, Rocky   0:20240524-6.el9_5                                              RHSA-2024:9088
edk2-tools                         Red Hat / RHEL, Rocky   0:20240524-6.el9_5                                              RHSA-2024:9088
edk2-tools-debuginfo               Red Hat / RHEL, Rocky   0:20240524-6.el9_5                                              RHSA-2024:9088
edk2-tools-doc                     Red Hat / RHEL, Rocky   0:20240524-6.el9_5                                              RHSA-2024:9088
openssl                            Red Hat / RHEL, Rocky   1:3.0.7-27.el9                                                  RHSA-2024:2447
openssl-debuginfo                  Red Hat / RHEL, Rocky   1:3.0.7-27.el9                                                  RHSA-2024:2447
openssl-debugsource                Red Hat / RHEL, Rocky   1:3.0.7-27.el9                                                  RHSA-2024:2447
openssl-devel                      Red Hat / RHEL, Rocky   1:3.0.7-27.el9                                                  RHSA-2024:2447
openssl-fips-provider              Red Hat / RHEL, Rocky   0:3.0.7-2.el9                                                   RHSA-2024:2447
openssl-fips-provider-debuginfo    Red Hat / RHEL, Rocky   0:3.0.7-2.el9                                                   RHSA-2024:2447
openssl-fips-provider-debugsource  Red Hat / RHEL, Rocky   0:3.0.7-2.el9                                                   RHSA-2024:2447
openssl-libs                       Red Hat / RHEL, Rocky   1:3.0.7-27.el9                                                  RHSA-2024:2447
openssl-libs-debuginfo             Red Hat / RHEL, Rocky   1:3.0.7-27.el9                                                  RHSA-2024:2447
openssl-perl                       Red Hat / RHEL, Rocky   1:3.0.7-27.el9                                                  RHSA-2024:2447
edk2                               Ubuntu                  2022.02-3ubuntu0.22.04.4; 2024.02-2ubuntu0.6                    USN-7894-1
libssl1.1                          Ubuntu                  1.1.1f-1ubuntu2.21                                              USN-6622-1
libssl3                            Ubuntu                  3.0.2-0ubuntu1.14; 3.0.10-1ubuntu2.2                            USN-6622-1
openssl                            Ubuntu                  1.1.1f-1ubuntu2.21; 3.0.2-0ubuntu1.14; 3.0.10-1ubuntu2.2        USN-6622-1
ovmf                               Ubuntu                  2022.02-3ubuntu0.22.04.4; 2024.02-2ubuntu0.6                    USN-7894-1
ovmf-ia32                          Ubuntu                  2022.02-3ubuntu0.22.04.4; 2024.02-2ubuntu0.6                    USN-7894-1
qemu-efi                           Ubuntu                  2022.02-3ubuntu0.22.04.4                                        USN-7894-1
qemu-efi-aarch64                   Ubuntu                  2022.02-3ubuntu0.22.04.4; 2024.02-2ubuntu0.6                    USN-7894-1
qemu-efi-arm                       Ubuntu                  2022.02-3ubuntu0.22.04.4; 2024.02-2ubuntu0.6                    USN-7894-1
qemu-efi-riscv64                   Ubuntu                  2024.02-2ubuntu0.6                                              USN-7894-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: None
Integrity: None
Availability: High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

EPSS: 2.30% probability of exploitation in the next 30 days
81st percentile

Elevated risk: more likely to be exploited than 81% of all known CVEs.

References

Embed a live status badge for CVE-2023-6237

Markdown

[![CVE-2023-6237](https://tridentstack.com/cve/badge/CVE-2023-6237.svg)](https://tridentstack.com/cve/CVE-2023-6237)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-6237"><img src="https://tridentstack.com/cve/badge/CVE-2023-6237.svg" alt="CVE-2023-6237"></a>


This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-12.