CVE-2023-3446 | Excessive time spent checking DH keys and parameters

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Published: 2023-07-19 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2023-3446 is rated Moderate Risk (58.1/100): CVSS Medium severity, with high exploitation likelihood (EPSS 5.53%, 92th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +4.78% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-3446

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.75% 5.53% +4.78%
2 2026-06-13 1.00% 0.75% -0.25%
3 2026-05-15 1.00%

Full EPSS history (33 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-3446

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.3 3.1 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:L)
Might cause slowdowns, glitches, or partial disruption—not a full brick.
3.9 1.4 [email protected]
5.3 3.1 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:L)
Might cause slowdowns, glitches, or partial disruption—not a full brick.
3.9 1.4 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2023-3446

OS Trackers for CVE-2023-3446

vendor priority summary link
alpine CVE-2023-3446: 2 source package rows (openssl, openssl1.1-compat); 35 state rows across 8 repos (3.17-main, 3.18-community, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 8, open 27. https://security.alpinelinux.org/vuln/CVE-2023-3446
debian not yet assigned CVE-2023-3446 not yet assigned priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2023-3446
gentoo normal CVE-2023-3446: 1 GLSA(s) (202402-08), 1 atom(s) (dev-libs/openssl); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2023-3446
redhat low https://access.redhat.com/security/cve/CVE-2023-3446
suse medium CVE-2023-3446 severity moderate: SUSE including 565 source package names (0.23.0.3.2.527:libopenssl1_1-1.1.1d-150200.11.72.1, 0.23.0.3.2.527:libopenssl1_1-hmac-1.1.1d-150200.11.72.1, …), 1367 product×package rows across 310 product lines (Container bci/bci-base-fips, Container bci/bci-init, … (310 product lines)): Fixed 1143, Known Affected 165, Known Not Affected 59. https://www.suse.com/security/cve/CVE-2023-3446/
ubuntu low CVE-2023-3446 low priority: Ubuntu including 4 source packages (edk2, nodejs, openssl, openssl1.0), 52 status rows across 13 suites (bionic, focal, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 18, DNE 11, released 10, ignored 6, needs-triage 4, needed 3. https://ubuntu.com/security/CVE-2023-3446

Affected software / configurations for CVE-2023-3446

Vendor Product Version Raw CPE
openssl openssl 1.0.2 cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*
openssl openssl 1.1.1 cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*
openssl openssl 3.1.0 cpe:2.3:a:openssl:openssl:3.1.0:-:*:*:*:*:*:*
openssl openssl 3.1.1 cpe:2.3:a:openssl:openssl:3.1.1:-:*:*:*:*:*:*

References for CVE-2023-3446

URL Tags
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb Mailing List Patch Vendor Advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528 Mailing List Patch Vendor Advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c Broken Link Vendor Advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23 Mailing List Patch Vendor Advisory
https://www.openssl.org/news/secadv/20230719.txt Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/07/19/4
http://www.openwall.com/lists/oss-security/2023/07/19/5
http://www.openwall.com/lists/oss-security/2023/07/19/6
http://www.openwall.com/lists/oss-security/2023/07/31/1
http://www.openwall.com/lists/oss-security/2024/05/16/1
https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20230803-0011/
cvelogic Threat Intelligence