CVE-2018-0732

Updated: 2024-11-30 02:33:09.416219

Description:

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS openssl 1.0.1e 7.5 HIGH Released CLSA-2021:1632262317 2022-05-05 12:01:44
CloudLinux 6 ELS openssl 1.0.1e 7.5 HIGH Released 2021-12-09 07:57:06
Oracle Linux 6 ELS openssl 1.0.1e 7.5 HIGH Not Vulnerable CLSA-2021:1634922881 2021-12-09 07:57:06
Ubuntu 16.04 ELS openssl 1.0.2g-1 7.5 HIGH Not Vulnerable 2021-12-09 07:57:06