Linux Distros Unpatched Vulnerability : CVE-2022-40735

🗓️ 10 Sep 2025 00:00:00Reported by TenableType

Unpatched Linux packages may permit excessive Diffie-Hellman exponent computations (CVE-2022-40735), impacting service availability.

Reporter	Title	Published	Views	Family All 44
ATTACKERKB	CVE-2022-40735	14 Nov 202223:15	–	attackerkb
Information Security Automation	VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners	18 Feb 202217:00	–	avleonov
Cloud Foundry	USN-6854-1: OpenSSL vulnerability \| Cloud Foundry	25 Jul 202400:00	–	cloudfoundry
Circl	CVE-2002-20001	11 Nov 202122:37	–	circl
Circl	CVE-2022-40735	19 Mar 202600:00	–	circl
CNNVD	Diffie-Hellman Key Agreement Protocol 资源管理错误漏洞	11 Nov 202100:00	–	cnnvd
CNNVD	Diffie-Hellman Key Agreement Protocol 资源管理错误漏洞	14 Nov 202200:00	–	cnnvd
CVE	CVE-2002-20001	11 Nov 202100:00	–	cve
CVE	CVE-2022-40735	14 Nov 202200:00	–	cve
Cvelist	CVE-2002-20001	11 Nov 202100:00	–	cvelist

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2022-40735
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(262538);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/10");

  script_cve_id("CVE-2022-40735");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2022-40735");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain
    calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that
    (appropriately) short exponents can be used when there are adequate subgroup constraints, and these
    short exponents can lead to less expensive calculations than for long exponents. This issue is different
    from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation
    about numbers that are not public keys. The specific situations in which calculation expense would
    constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE
    implementation details. In general, there might be an availability concern because of server-side resource
    consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to
    exploit this vulnerability and CVE-2002-20001 together. (CVE-2022-40735)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2022-40735");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40735");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nodejs");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-22.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "nodejs"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

10 Sep 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 25

CVSS 3.17.5

EPSS0.1468