CVE-2023-29409

Public on 2023-08-02
Modified on 2024-01-20
Description

Extremely large RSA keys in certificate chains can cause a client or server to expend significant CPU time verifying signatures. With the fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

Severity: Medium
CVSS v3 Base Score: 5.3

Affected Packages

| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 2 - Core | amazon-cloudwatch-agent | 2023-08-17 11:58 | ALAS2-2023-2209 |
| Amazon Linux 2023 | amazon-cloudwatch-agent | 2023-08-17 11:20 | ALAS2023-2023-307 |
| Amazon Linux 2023 | amazon-ecr-credential-helper | 2023-09-14 00:55 | ALAS2023-2023-346 |
| Amazon Linux 2 - Core | amazon-ssm-agent | 2023-10-12 15:09 | ALAS2-2023-2303 |
| Amazon Linux 2023 | amazon-ssm-agent | 2023-09-27 21:07 | ALAS2023-2023-373 |
| Amazon Linux 2 - Core | cni-plugins | 2023-08-17 11:58 | ALAS2-2023-2208 |
| Amazon Linux 2023 | cni-plugins | 2023-08-31 21:47 | ALAS2023-2023-338 |
| Amazon Linux 1 | containerd | 2023-09-27 22:15 | ALAS-2023-1849 |
| Amazon Linux 2 - Docker Extra | containerd | 2023-08-17 17:04 | ALAS2DOCKER-2023-027 |
| Amazon Linux 2 - Ecs Extra | containerd | 2023-09-27 23:00 | ALAS2ECS-2023-008 |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2023-08-17 17:03 | ALAS2NITRO-ENCLAVES-2023-028 |
| Amazon Linux 2023 | containerd | 2023-08-17 11:20 | ALAS2023-2023-308 |
| Amazon Linux 2 - Core | cri-tools | 2023-08-31 22:28 | ALAS2-2023-2229 |
| Amazon Linux 2023 | docker | 2023-09-14 00:54 | ALAS2023-2023-345 |
| Amazon Linux 1 | golang | 2023-09-27 22:15 | ALAS-2023-1848 |
| Amazon Linux 2 - Core | golang | 2023-08-17 11:58 | ALAS2-2023-2211 |
| Amazon Linux 2023 | golang | 2023-08-17 11:20 | ALAS2023-2023-310 |
| Amazon Linux 2 - Core | nerdctl | 2023-08-17 11:58 | ALAS2-2023-2210 |
| Amazon Linux 2023 | nerdctl | 2023-08-17 11:20 | ALAS2023-2023-309 |
| Amazon Linux 2 - Docker Extra | runc | 2023-08-17 17:04 | ALAS2DOCKER-2023-026 |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | runc | 2023-08-17 17:03 | ALAS2NITRO-ENCLAVES-2023-027 |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| NVD CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |