CVE-2024-4603

Source
https://cve.org/CVERecord?id=CVE-2024-4603
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4603.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-4603
Downstream
Related
Published
2024-05-16T15:21:20.050Z
Modified
2026-07-14T15:56:46.581170Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Excessive time spent checking DSA keys and parameters
Details

Issue summary: Checking excessively long DSA keys or parameters may be very slow.

Impact summary: Applications that use the functions EVPPKEYparamcheck() or EVPPKEYpubliccheck() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The functions EVPPKEYparamcheck() or EVPPKEYpubliccheck() perform various checks on DSA parameters. Some of those computations take a long time if the modulus (p parameter) is too large.

Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks.

An application that calls EVPPKEYparamcheck() or EVPPKEYpubliccheck() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.

These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable.

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the -check option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

Database specific
{
    "cwe_ids": [
        "CWE-606"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4603.json",
    "cna_assigner": "openssl"
}
References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.14"
        },
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.6"
        },
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "3.2.2"
        },
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.1"
        }
    ]
}

Affected versions

openssl-3.*
openssl-3.0.0
openssl-3.0.1
openssl-3.0.10
openssl-3.0.11
openssl-3.0.12
openssl-3.0.13
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7
openssl-3.0.8
openssl-3.0.9
openssl-3.1.0
openssl-3.1.1
openssl-3.1.2
openssl-3.1.3
openssl-3.1.4
openssl-3.1.5
openssl-3.2.0
openssl-3.2.1
openssl-3.3.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4603.json"
vanir_signatures_modified
"2026-07-14T15:56:46Z"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-0f1dc7ae"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
        "digest": {
            "length": 301.0,
            "function_hash": "307444583308020639014663628111494753137"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_params",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-27dbfa1b"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
        "digest": {
            "length": 187.0,
            "function_hash": "63303990667448414431624506292711823034"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_priv_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-287eb402"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
        "digest": {
            "length": 521.0,
            "function_hash": "236650307775533617446147756765254676295"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pairwise",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-302cbd02"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
        "digest": {
            "length": 521.0,
            "function_hash": "236650307775533617446147756765254676295"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pairwise",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-32202760"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
        "digest": {
            "length": 301.0,
            "function_hash": "307444583308020639014663628111494753137"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_params",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-4187310f"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
        "digest": {
            "line_hashes": [
                "243150946184705416718670416235183356916",
                "180349981022369179925439192885659650714",
                "8106935018977536703215056308323611634",
                "137549371667215865797354773677897919745",
                "178836937939992247904524348378080056735",
                "278097579510097664881660522629381390399",
                "90181849990248972169943799142956395004",
                "74978584338083252776430056065644879326",
                "76169492372411342605408504353923724513",
                "55983040006459865879982821551074916929",
                "326410872419412397963066451556847399168",
                "83139677653707575113776342785214859276",
                "328344147515312161050901724342349399519",
                "12296000804367969784194674287167751474",
                "213080590428735873312882663715853986836",
                "18090696423168841971202238792296069525",
                "249365869365766579695386042359288790320",
                "159149726014041690445969824550432676451",
                "256845625190901066519403965942137550781",
                "131307540412419780483250265659272263156",
                "312611335098158983336659862104821095064",
                "128039915356107327974349445235373709199",
                "32274130780543847983305058081411750891"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-47776a39"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
        "digest": {
            "length": 521.0,
            "function_hash": "236650307775533617446147756765254676295"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pairwise",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-4dbed64f"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
        "digest": {
            "length": 301.0,
            "function_hash": "307444583308020639014663628111494753137"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_params",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-6b2b3cbf"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
        "digest": {
            "line_hashes": [
                "243150946184705416718670416235183356916",
                "180349981022369179925439192885659650714",
                "8106935018977536703215056308323611634",
                "137549371667215865797354773677897919745",
                "178836937939992247904524348378080056735",
                "278097579510097664881660522629381390399",
                "90181849990248972169943799142956395004",
                "74978584338083252776430056065644879326",
                "76169492372411342605408504353923724513",
                "55983040006459865879982821551074916929",
                "326410872419412397963066451556847399168",
                "83139677653707575113776342785214859276",
                "328344147515312161050901724342349399519",
                "12296000804367969784194674287167751474",
                "213080590428735873312882663715853986836",
                "18090696423168841971202238792296069525",
                "249365869365766579695386042359288790320",
                "159149726014041690445969824550432676451",
                "256845625190901066519403965942137550781",
                "131307540412419780483250265659272263156",
                "312611335098158983336659862104821095064",
                "128039915356107327974349445235373709199",
                "32274130780543847983305058081411750891"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-6f6a722b"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
        "digest": {
            "line_hashes": [
                "243150946184705416718670416235183356916",
                "180349981022369179925439192885659650714",
                "8106935018977536703215056308323611634",
                "137549371667215865797354773677897919745",
                "178836937939992247904524348378080056735",
                "278097579510097664881660522629381390399",
                "90181849990248972169943799142956395004",
                "74978584338083252776430056065644879326",
                "76169492372411342605408504353923724513",
                "55983040006459865879982821551074916929",
                "326410872419412397963066451556847399168",
                "83139677653707575113776342785214859276",
                "328344147515312161050901724342349399519",
                "12296000804367969784194674287167751474",
                "213080590428735873312882663715853986836",
                "18090696423168841971202238792296069525",
                "249365869365766579695386042359288790320",
                "159149726014041690445969824550432676451",
                "256845625190901066519403965942137550781",
                "131307540412419780483250265659272263156",
                "312611335098158983336659862104821095064",
                "128039915356107327974349445235373709199",
                "32274130780543847983305058081411750891"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-768ad877"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
        "digest": {
            "length": 187.0,
            "function_hash": "63303990667448414431624506292711823034"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_priv_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-80202d0f"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-98fe2189"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key_partial",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-9aa2870f"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key_partial",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-a4ba5364"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
        "digest": {
            "length": 187.0,
            "function_hash": "63303990667448414431624506292711823034"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_priv_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-a5c9e065"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key_partial",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-b1dd08ad"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-c032044a"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
        "digest": {
            "length": 521.0,
            "function_hash": "236650307775533617446147756765254676295"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pairwise",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-c2f70c2e"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-c98162c3"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397",
        "digest": {
            "line_hashes": [
                "243150946184705416718670416235183356916",
                "180349981022369179925439192885659650714",
                "8106935018977536703215056308323611634",
                "137549371667215865797354773677897919745",
                "178836937939992247904524348378080056735",
                "278097579510097664881660522629381390399",
                "90181849990248972169943799142956395004",
                "74978584338083252776430056065644879326",
                "76169492372411342605408504353923724513",
                "55983040006459865879982821551074916929",
                "326410872419412397963066451556847399168",
                "83139677653707575113776342785214859276",
                "328344147515312161050901724342349399519",
                "12296000804367969784194674287167751474",
                "213080590428735873312882663715853986836",
                "18090696423168841971202238792296069525",
                "249365869365766579695386042359288790320",
                "159149726014041690445969824550432676451",
                "256845625190901066519403965942137550781",
                "131307540412419780483250265659272263156",
                "312611335098158983336659862104821095064",
                "128039915356107327974349445235373709199",
                "32274130780543847983305058081411750891"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-cb9b89a3"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
        "digest": {
            "length": 187.0,
            "function_hash": "63303990667448414431624506292711823034"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_priv_key",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-de0add79"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d",
        "digest": {
            "length": 152.0,
            "function_hash": "219663322568032758739344610759529853203"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_pub_key_partial",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-defd9f3b"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e",
        "digest": {
            "length": 301.0,
            "function_hash": "307444583308020639014663628111494753137"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_dsa_check_params",
            "file": "crypto/dsa/dsa_check.c"
        },
        "id": "CVE-2024-4603-e6a5924e"
    }
]