CVE-2018-0732

 

Published at: - 12-06-2018 03:29

Last modified: - 16-08-2022 03:00

Total changes: - 5

Description

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://www.openssl.org/news/secadv/20180612.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098
• 1041090-Third Party Advisory, VDB Entry
• 104442-Third Party Advisory, VDB Entry
• USN-3692-2-Third Party Advisory
• USN-3692-1-Third Party Advisory
• [debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update-Third Party Advisory
• RHSA-2018:2553-Third Party Advisory
• RHSA-2018:2552-Third Party Advisory
• https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
• https://www.tenable.com/security/tns-2018-12
• https://securityadvisories.paloaltonetworks.com/Home/Detail/133
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://www.tenable.com/security/tns-2018-14
• https://www.tenable.com/security/tns-2018-13
• RHSA-2018:3221-Third Party Advisory
• https://security.netapp.com/advisory/ntap-20181105-0001/
• RHSA-2018:3505-Third Party Advisory
• GLSA-201811-03-Third Party Advisory
• DSA-4348-Third Party Advisory
• DSA-4355-Third Party Advisory
• https://www.tenable.com/security/tns-2018-17
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://security.netapp.com/advisory/ntap-20190118-0002/
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• RHSA-2019:1297-Third Party Advisory
• RHSA-2019:1296-Third Party Advisory
• RHSA-2019:1543-Third Party Advisory
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• FEDORA-2019-db06efdea1-Mailing List, Third Party Advisory
• FEDORA-2019-00c25b9379-Mailing List, Third Party Advisory
• FEDORA-2019-9a0a7c0986-Third Party Advisory
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• N/A-Third Party Advisory
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf

 

Keywords

NVD

 

CVE-2018-0732

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures