« List of all CVEs

CVE-2018-0732

Client DoS due to large DH parameter

Published: 6/12/2018 Last updated: 9/17/2024 Reserved: 11/30/2017

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

CNA assigner: openssl (3a12439a-ef3a-4c79-92e6-6081a721f1e5) Requested by: n/a

Opam packages affected (7)

conf-libcurl conf-libssl conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-npm conf-openssl conf-srt-openssl

Products affected (1)

Product	Vendor	Version
OpenSSL	OpenSSL	< *

References (74)

Credits (1)

Guido Vranken