The vulnerability of the OpenSSL library, related to errors in processing cryptographic keys when using the DH (E) protocol, allows a hacker to induce a denial-of-service attack.

🗓️ 22 Jan 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

OpenSSL DH key processing errors can cause denial of service via exploitation.

Reporter	Title	Published	Views	Family All 397
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2018-0732)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus (CVE-2018-0739, CVE-2018-0737, CVE-2018-0732)	27 Jun 201918:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Switch Modules are affected by vulnerability in OpenSSL (CVE-2018-0732)	12 Mar 201920:10	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0732)	7 Sep 201814:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in GNU OpenSSL affect IBM Netezza Analytics	18 Oct 201903:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)	14 Sep 202215:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735)	19 Jul 201910:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2018-0732)	17 Mar 202222:07	–	ibm

Vulners

Node

oracle api_gatewayMatch11.1.2.4.0aurora

oracle enterprise_manager_ops_centerMatch12.2.2aurora

oracle enterprise_manager_ops_centerMatch12.3.3aurora

oracle jd_edwards_enterpriseone_toolsMatch9.2aurora

openssl opensslRange1.1.0–1.1.0haurora

oracle vm_virtualboxRange<5.2.20aurora

oracle tuxedoMatch12.1.1.0aurora

oracle peoplesoft_enterprise_peopletoolsMatch8.55aurora

oracle peoplesoft_enterprise_peopletoolsMatch8.56aurora

oracle peoplesoft_enterprise_peopletoolsMatch8.57aurora

openssl opensslRange1.0.2–1.0.2oaurora

oracle primavera_p6_enterprise_project_portfolio_managementMatch8.4aurora

oracle primavera_p6_enterprise_project_portfolio_managementMatch15.1aurora

oracle primavera_p6_enterprise_project_portfolio_managementMatch15.2aurora

oracle primavera_p6_enterprise_project_portfolio_managementMatch16.1aurora

oracle primavera_p6_enterprise_project_portfolio_managementMatch16.2aurora

oracle primavera_p6_enterprise_project_portfolio_managementMatch18.8aurora

oracle primavera_p6_enterprise_project_portfolio_managementRange17.7–17.12aurora

novell suse_enterprise_storageMatch4aurora

novell suse_openstack_cloudMatch7aurora

node.js node.jsMatch10aurora

node.js node.jsMatch11aurora

novell suse_linux_enterprise_module_for_web_scriptingMatch12aurora

oracle communications_webrtc_session_controllerRange<7.2aurora

oracle communications_application_session_controllerMatch3.7.1aurora

oracle communications_application_session_controllerMatch3.8.0aurora

oracle agile_engineering_data_managementMatch6.1.3aurora

oracle agile_engineering_data_managementMatch6.2.0aurora

oracle agile_engineering_data_managementMatch6.2.1aurora

oracle enterprise_manager_base_platformMatch12.1.0.5aurora

oracle endeca_serverMatch7.7.0aurora

node.js node.jsMatch6aurora

node.js node.jsMatch8aurora

oracle communications_eagle_lnp_application_processorMatch10.0aurora

oracle communications_eagle_lnp_application_processorMatch10.1aurora

oracle communications_eagle_lnp_application_processorMatch10.2aurora

oracle communications_operations_monitorMatch3.4aurora

oracle communications_operations_monitorMatch4.0aurora

oracle enterprise_manager_base_platformMatch13.2.0aurora

oracle enterprise_manager_base_platformMatch13.3.0aurora

oracle mysql_workbenchRange≤8.0.13aurora

oracle oss_support_toolsRange<19.1aurora

novell suse_linux_enterprise_module_for_basesystemMatch15aurora

novell suse_studio_onsiteMatch1.3aurora

novell suse_linux_enterprise_module_for_legacy_softwareMatch15aurora

novell suse_linux_enterprise_module_for_web_scriptingMatch15aurora

novell openstack_cloud_magnum_orchestrationMatch7aurora

novell suse_linux_enterprise_module_for_legacy_softwareMatch12aurora

oracle communications_performance_intelligence_center_(pic)_softwareMatch10.4.0.2aurora

juniper_networks junos_spaceRange<21.1r1aurora

red_hat red_hat_enterprise_linuxMatch7

novell opensuse_leapMatch42.3

canonical ubuntuMatch17.10

fedora fedoraMatch29

novell opensuse_leapMatch15.0

novell suse_linux_enterprise_serverMatch12-ltss

fedora fedoraMatch30

novell suse_linux_enterprise_serverMatch11-security

fedora fedoraMatch31

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
openssl	www.openssl.org/news/secadv/20180612.txt
securityfocus	www.securityfocus.com/bid/104442
securitytracker	www.securitytracker.com/id/1041090
access	www.access.redhat.com/errata/RHSA-2018:2552
access	www.access.redhat.com/errata/RHSA-2018:2553
access	www.access.redhat.com/errata/RHSA-2018:3221
access	www.access.redhat.com/errata/RHSA-2018:3505
git	www.git.openssl.org/gitweb/
git	www.git.openssl.org/gitweb/

20 Feb 2025 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 37.5

CVSS 27.8

EPSS0.49268