Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-6237

Published: 15 January 2024

Excessive time spent checking invalid RSA public keys

Notes

AuthorNote
Priority reason:
Upstream OpenSSL project has rated this as low severity
mdeslaur
only affects 3.0 and higher

Priority

Low

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
trusty Not vulnerable
(3.x only)
xenial Not vulnerable
(3.x only)
bionic Not vulnerable
(3.x only)
focal Not vulnerable
(3.x only)
jammy
Released (3.0.2-0ubuntu1.14)
lunar Ignored
(end of life, was needed)
mantic
Released (3.0.10-1ubuntu2.2)
upstream
Released (3.0.13)
Patches:
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a
openssl1.0
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Not vulnerable
(3.x only)
focal Does not exist

jammy Does not exist

lunar Does not exist

mantic Does not exist

upstream Needs triage

nodejs
Launchpad, Ubuntu, Debian
trusty Not vulnerable
(uses system openssl)
xenial Needs triage

bionic Needs triage

focal Not vulnerable
(uses system openssl)
jammy Needed

lunar Not vulnerable
(uses system openssl)
mantic Not vulnerable
(uses system openssl)
upstream Needs triage

edk2
Launchpad, Ubuntu, Debian
trusty Ignored
(end of standard support)
xenial Not vulnerable
(3.x only)
bionic Not vulnerable
(3.x only)
focal Not vulnerable
(3.x only)
jammy Not vulnerable
(3.x only)
lunar Not vulnerable
(3.x only)
mantic Not vulnerable
(3.x only)
upstream Needs triage