Diffstat (limited to 'CHANGES.md')
-rw-r--r-- CHANGES.md 17
1 files changed, 17 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 5590704670..16913a049b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,23 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.13 and 3.0.14 [xx XXX xxxx]
+ * Fixed an issue where checking excessively long DSA keys or parameters may
+ be very slow.
+
+ Applications that use the functions EVP_PKEY_param_check() or
+ EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
+ experience long delays. Where the key or parameters that are being checked
+ have been obtained from an untrusted source this may lead to a Denial of
+ Service.
+
+ To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
+ will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
+ reason.
+
+ ([CVE-2024-4603])
+
+ *Tomáš Mráz*
+
* Fixed an issue where some non-default TLS server configurations can cause
unbounded memory growth when processing TLSv1.3 sessions. An attacker may
exploit certain server configurations to trigger unbounded memory growth that
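Review bot: The resolution sentence narrows the scope compared with the opening line of the entry: the first line says the slow path affects "DSA keys or parameters", but the fix is described only as "DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS will now fail the check immediately", leaving it unclear whether EVP_PKEY_param_check() on bare parameters is also covered and which value the limit is applied to. Suggest rewording to something like "DSA keys or parameters whose modulus p is larger than OPENSSL_DSA_MAX_MODULUS_BITS will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error reason", and stating the numeric value of the limit (or the header that defines it) so that readers of the changelog can judge whether their own keys are affected without consulting the source.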