What is CVE-2024-4603?

CVE-2024-4603 is a vulnerability in Openssl, classified under CWE-606. Published 2024-05-16.

Is CVE-2024-4603 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experi…

EPSS: 0.001 (25.7th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 3.0.0, 3.1.0, 3.2.0

Weakness classification (CWE)

CWE-606

Public proof-of-concept exploits

ardhiatno/ubimicro-fluentbit
bcgov/jag-cdds
chnzzh/OpenSSL-CVE-lib
fkie-cad/nvd-json-data-feeds
h4ckm1n-dev/report-test
jtgorny/cve-scanning

References

OpenSSL Advisory (vendor-advisory)
3.0.14 git commit (patch)
3.1.6 git commit (patch)
3.2.2 git commit (patch)
3.3.1 git commit (patch)

Frequently asked questions

What is CVE-2024-4603?: CVE-2024-4603 is a vulnerability in Openssl, classified under CWE-606. Published 2024-05-16.
Is CVE-2024-4603 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.