How severe is CVE-2023-29409?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-29409?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2023-29409

MEDIUM Year: 2023

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-400

View all →

Vulnerability Description

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

CVE-2016-0747

MEDIUM

CVSS:5.3(Medium)

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) vi...

CWE-4002016

CVE-2016-8367

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all version...

CWE-4002016

CVE-2017-1000359

MEDIUM

CVSS:5.3(Medium)

Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.

CWE-4002017

CVE-2017-10621

MEDIUM

CVSS:5.3(Medium)

A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to...

CWE-4002017

CVE-2017-12093

MEDIUM

CVSS:5.3(Medium)

An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream...

CWE-4002017

CVE-2017-15345

MEDIUM

CVSS:5.3(Medium)

Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Succ...

CWE-4002017

CVE-2023-29409

Vulnerability Description

Related Vulnerabilities

CVE-2016-0747

CVE-2016-8367

CVE-2017-1000359

CVE-2017-10621

CVE-2017-12093

CVE-2017-15345