cyber-dojo
flows
saver-archived-at-1707630914
artifacts
131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41
By signing up, you agree to the
Terms of Service.
For more information about Kosli’s privacy practices, see the Kosli’s
Privacy Policy.
We’ll occasionally send you account-related emails.
We’ll occasionally send you account-related emails.
saver-archived-at-1707630914
Group/Kata model+persistence
cyberdojo/saver:1cbd58a
Non-compliant
Download Evidence Package
JSON
{ "created_at": 1698850623.4617484, "fingerprint": "131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41", "filename": "cyberdojo/saver:1cbd58a", "git_commit": "1cbd58aa1a47737b8b0dfd23d83d2319eb50d624", "build_url": "https://github.com/cyber-dojo/saver/actions/runs/6721273342", "commit_url": "https://github.com/cyber-dojo/saver/commit/1cbd58aa1a47737b8b0dfd23d83d2319eb50d624", "evidence": { "branch-coverage": { "evidence_type": "generic", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/saver/actions/runs/6721273342", "description": "server & client branch-coverage reports", "user_data": { "client": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 2, "missed": 0, "total": 2 }, "lines": { "covered": 127, "missed": 0, "total": 127 } }, "test": { "branches": { "covered": 2, "missed": 0, "total": 2 }, "lines": { "covered": 593, "missed": 0, "total": 593 } } }, "timestamp": 1698850639 }, "server": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 137, "missed": 2, "total": 139 }, "lines": { "covered": 1233, "missed": 10, "total": 1243 } }, "test": { "branches": { "covered": 12, "missed": 0, "total": 12 }, "lines": { "covered": 1756, "missed": 0, "total": 1756 } } }, "timestamp": 1698850635 } }, "created_at": 1698850642.6430173, "has_audit_package": false }, "snyk-scan": { "evidence_type": "snyk", "is_compliant": false, "build_url": "https://github.com/cyber-dojo/snyk_scans/actions/runs/6913041804", "evidence_archive_fingerprint": "6cbaa299963cb283af1e857cf27d183a08eda74273cb946f79cca66139ce3692", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "severityThreshold": "medium", "summary": "No medium or high or critical severity vulnerabilities", "targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 85, "docker": { "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": false, "org": "jonjagger", "packageManager": "apk", "path": "274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41/saver:1cbd58a", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a", "severityThreshold": "medium", "summary": "14 medium or high or critical severity vulnerable dependency paths", "uniqueCount": 1, "vulnerabilities": [ { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [ false, "openssl/libcrypto3@3.1.4-r1" ], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", ".ruby-rundeps@20230929.011636", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "apk-tools/apk-tools@2.14.0-r2", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "busybox/ssl_client@1.36.1-r4", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "ca-certificates/ca-certificates@20230506-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "nodejs/nodejs@18.18.2-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", ".ruby-rundeps@20230929.011636", "openssl/libssl3@3.1.4-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "curl/curl@8.4.0-r0", "curl/libcurl@8.4.0-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [ false, "openssl/libssl3@3.1.4-r1" ], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", ".ruby-rundeps@20230929.011636", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "apk-tools/apk-tools@2.14.0-r2", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "busybox/ssl_client@1.36.1-r4", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "nodejs/nodejs@18.18.2-r0", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "curl/curl@8.4.0-r0", "curl/libcurl@8.4.0-r0", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" } ] }, "created_at": 1700298727.1636744, "has_audit_package": true } }, "git_commit_info": { "sha1": "1cbd58aa1a47737b8b0dfd23d83d2319eb50d624", "message": "Dockerfile: Update base image", "author": "Faye <faye@kosli.com>", "timestamp": 1698850087, "branch": "main" }, "repo_url": "https://github.com/cyber-dojo/saver", "template": [ "artifact", "branch-coverage", "snyk-scan" ], "last_modified_at": 1700298727.1636744, "deployments": [ 174, 173 ], "state": "NON-COMPLIANT", "html_url": "https://app.kosli.com/cyber-dojo/flows/saver-archived-at-1707630914/artifacts/131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41", "api_url": "https://app.kosli.com/api/v2/artifacts/cyber-dojo/saver-archived-at-1707630914/fingerprint/131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41" }
Artifact Information |
|
Name | cyberdojo/saver:1cbd58a |
Fingerprint | 131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41 |
Git commit |
1cbd58a
Faye <faye@kosli.com> (main)
1698850087.0 • 6 months ago
Dockerfile: Update base image
|
CI Build | https://github.com/cyber-dojo/saver/actions/runs/6721273342 |
Running | - |
Exited | aws-beta#2220 aws-prod#1432 |
Last modified | 1700298727.1636744 • 6 months ago |
Approvals
None |
Evidence
Evidence for 'branch-coverage'
{ "evidence_type": "generic", "name": "branch-coverage", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/saver/actions/runs/6721273342", "description": "server & client branch-coverage reports", "user_data": { "client": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 2, "missed": 0, "total": 2 }, "lines": { "covered": 127, "missed": 0, "total": 127 } }, "test": { "branches": { "covered": 2, "missed": 0, "total": 2 }, "lines": { "covered": 593, "missed": 0, "total": 593 } } }, "timestamp": 1698850639 }, "server": { "command_name": "Minitest", "groups": { "app": { "branches": { "covered": 137, "missed": 2, "total": 139 }, "lines": { "covered": 1233, "missed": 10, "total": 1243 } }, "test": { "branches": { "covered": 12, "missed": 0, "total": 12 }, "lines": { "covered": 1756, "missed": 0, "total": 1756 } } }, "timestamp": 1698850635 } }, "created_at": 1698850642.6430173, "has_audit_package": false }
Evidence for 'snyk-scan'
{ "evidence_type": "snyk", "name": "snyk-scan", "is_compliant": false, "build_url": "https://github.com/cyber-dojo/snyk_scans/actions/runs/6913041804", "evidence_archive_fingerprint": "6cbaa299963cb283af1e857cf27d183a08eda74273cb946f79cca66139ce3692", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "severityThreshold": "medium", "summary": "No medium or high or critical severity vulnerabilities", "targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 85, "docker": { "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": false, "org": "jonjagger", "packageManager": "apk", "path": "274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@sha256:131256eb5dfd88f82391d09b7fc4485f9096b3ccf1e79bebb37d37073f9cca41/saver:1cbd58a", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a", "severityThreshold": "medium", "summary": "14 medium or high or critical severity vulnerable dependency paths", "uniqueCount": 1, "vulnerabilities": [ { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [ false, "openssl/libcrypto3@3.1.4-r1" ], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", ".ruby-rundeps@20230929.011636", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "apk-tools/apk-tools@2.14.0-r2", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "busybox/ssl_client@1.36.1-r4", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "ca-certificates/ca-certificates@20230506-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "nodejs/nodejs@18.18.2-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", ".ruby-rundeps@20230929.011636", "openssl/libssl3@3.1.4-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "curl/curl@8.4.0-r0", "curl/libcurl@8.4.0-r0", "openssl/libcrypto3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [ false, "openssl/libssl3@3.1.4-r1" ], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", ".ruby-rundeps@20230929.011636", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "apk-tools/apk-tools@2.14.0-r2", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "busybox/ssl_client@1.36.1-r4", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "nodejs/nodejs@18.18.2-r0", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" }, { "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cpes": [], "creationTime": "2023-11-11T15:02:39.692607Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.3, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "modificationTime": "2023-11-08T13:48:19.543999Z", "severity": "medium" }, { "assigner": "NVD", "cvssV3BaseScore": 7.5, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2023-11-15T01:11:01.755232Z", "severity": "high" } ], "cvssScore": 7.5, "description": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Alpine`._\n_See `How to fix?` for `Alpine:3.18` relevant fixed versions and status._\n\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n"-pubcheck" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r1 or higher.\n## References\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017)\n- [openssl-security@openssl.org](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)\n- [openssl-security@openssl.org](https://www.openssl.org/news/secadv/20231106.txt)\n- [openssl-security@openssl.org](http://www.openwall.com/lists/oss-security/2023/11/06/2)\n", "disclosureTime": "2023-11-06T16:15:42.670000Z", "dockerfileInstruction": "apk add nodejs", "epssDetails": { "modelVersion": "v2023.03.01", "percentile": "0.12710", "probability": "0.00045" }, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r1" ], "from": [ "docker-image|274425519734.dkr.ecr.eu-central-1.amazonaws.com/saver:1cbd58a@*", "curl/curl@8.4.0-r0", "curl/libcurl@8.4.0-r0", "openssl/libssl3@3.1.4-r0" ], "id": "SNYK-ALPINE318-OPENSSL-6055795", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-5678" ], "CWE": [ "CWE-754" ] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2023-11-15T01:11:01.991077Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r1", "nvdSeverity": "high", "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2023-11-11T15:02:39.705852Z", "references": [ { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "title": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "title": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "title": "http://www.openwall.com/lists/oss-security/2023/11/06/2", "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2" } ], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r1" ] }, "severity": "high", "severityWithCritical": "high", "socialTrendAlert": false, "title": "Improper Check for Unusual or Exceptional Conditions", "upgradePath": [], "version": "3.1.4-r0" } ] }, "created_at": 1700298727.1636744, "has_audit_package": true }