Description
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allow attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates, which require extra time to process during RSA signature verification.
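Because RSA verification cost grows with the size of the modulus and the public exponent, a verifier can bound both before doing any modular exponentiation. The following is an added example, not OpenSSL's code or part of the original entry; the limits, function names and the tiny sample key are assumptions constructed for illustration.

```python
# Added example: reject oversized RSA public-key parameters before verification.
MAX_MODULUS_BITS = 16384   # assumed policy limit, not taken from the advisory
MAX_PUBEXP_BITS = 64       # assumed policy limit, not taken from the advisory

# Constructed sample: PKCS#1 RSAPublicKey with n = 3233, e = 17 (toy values).
SAMPLE = bytes.fromhex("300702020ca1020111")

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        k = length & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Parse RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    t1, n_raw, pos = _read_tlv(body, 0)
    t2, e_raw, pos = _read_tlv(body, pos)
    if t1 != 0x02 or t2 != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    # DER INTEGERs are two's complement, so decode as signed.
    return (int.from_bytes(n_raw, "big", signed=True),
            int.from_bytes(e_raw, "big", signed=True))

def check_rsa_public_key(der):
    """Return (ok, reason). Call this before any modular exponentiation."""
    try:
        n, e = parse_rsa_public_key(der)
    except ValueError as exc:
        return False, str(exc)
    if n <= 0 or e <= 0:
        return False, "non-positive parameter"
    if n.bit_length() > MAX_MODULUS_BITS:
        return False, "modulus too large"
    if e.bit_length() > MAX_PUBEXP_BITS:
        return False, "public exponent too large"
    if e < 3 or e % 2 == 0 or e >= n:
        return False, "invalid public exponent"
    return True, "ok"
```

The check only bounds processing cost; it does not validate that the key is otherwise well-formed or strong enough to trust.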
Remediation
References