During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

References

bugzilla.redhat.com/show_bug.cgi?id=1591100

www.cve.org/CVERecord?id=CVE-2018-0732 https://nvd.nist.gov/vuln/detail/CVE-2018-0732 https://www.openssl.org/news/secadv/20180612.txt

nessus 64

openvas 25

veracode 2

ibm 46

suse 9

broadcom 2

prion 1

osv 4

freebsd 2

tenable 4

ubuntucve 1

f5 1

hackerone 1

symantec 2

debiancve 1

cve 1

amazon 2

aix 1

checkpoint_advisories 1

openssl 1

alpinelinux 1

gentoo 1

ics 1

fedora 2

oraclelinux 6

altlinux 2

debian 3

mageia 1

slackware 1

redhat 4

cloudfoundry 1

ubuntu 2

paloalto 1

nodejsblog 1

cloudlinux 1

nessus

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:1887-1)

2018-07-06 00:00:00

openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-549)

2019-03-27 00:00:00

openSUSE Security Update : openssl-1_1 (openSUSE-2019-751)

2019-03-27 00:00:00

openvas

openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2018:2117-1)

2018-10-26 00:00:00

openSUSE: Security Advisory for openssl (openSUSE-SU-2018:1906-1)

2018-07-07 00:00:00

openSUSE: Security Advisory for openssl-1_0_0 (openSUSE-SU-2018:2129-1)

2018-10-26 00:00:00

veracode

Denial Of Service (DoS)

2018-06-13 03:48:25

Denial Of Service (DoS)

2019-01-15 09:24:14

ibm

Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Advanced Management Module (AMM)

2018-10-03 16:20:01

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732)

2018-11-15 15:50:02

Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0732)

2023-12-07 22:45:03

suse

Security update for openssl-1_1 (moderate)

2018-10-05 12:08:41

Security update for openssl-1_1 (moderate)

2018-07-28 15:09:18

Security update for openssl-1_0_0 (moderate)

2018-07-28 16:03:35

broadcom

CVE-2018-0732. Client DoS due to large DH parameter.

2022-09-13 00:00:00

CVE-2018-0732. Client DoS due to large DH parameter.

2022-09-13 00:00:00

prion

Design/Logic Flaw

2018-06-12 13:29:00

osv

CVE-2018-0732

2018-06-12 13:29:00

openssl - security update

2018-07-28 00:00:00

openssl1.0 - security update

2018-12-19 00:00:00

freebsd

OpenSSL -- Client DoS due to large DH parameter

2018-06-12 00:00:00

node.js -- multiple vulnerabilities

2018-08-16 00:00:00

tenable

[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities

2018-10-23 21:15:12

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

2018-12-20 19:43:50

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

2018-12-20 19:43:50

ubuntucve

CVE-2018-0732

2018-06-12 00:00:00

K21665601 : OpenSSL vulnerability CVE-2018-0732

2018-07-20 00:00:00

hackerone

Internet Bug Bounty: Client DoS due to large DH parameter (CVE-2018-0732)

2018-06-12 11:15:31

symantec

OpenSSL CVE-2018-0732 Denial of Service Vulnerability

2018-06-12 00:00:00

OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

2018-10-10 08:01:01

debiancve

CVE-2018-0732

2018-06-12 13:29:00

cve

CVE-2018-0732

2018-06-12 13:29:00

amazon

Medium: openssl

2018-10-30 20:50:00

Medium: openssl

2018-11-07 22:07:00

aix

Vulnerability in OpenSSL affects AIX (CVE-2018-0732)

2018-09-19 08:44:29

checkpoint_advisories

OpenSSL Denial of Service (CVE-2018-0732)

2019-02-17 00:00:00

openssl

Vulnerability in OpenSSL CVE-2018-0732

2018-06-12 00:00:00

alpinelinux

CVE-2018-0732

2018-06-12 13:29:00

gentoo

OpenSSL: Denial of service

2018-11-09 00:00:00

ics

Siemens TIM 1531 IRC

2021-06-08 12:00:00

fedora

[SECURITY] Fedora 28 Update: openssl-1.1.0i-1.fc28

2018-09-22 20:52:36

[SECURITY] Fedora 27 Update: openssl-1.1.0i-1.fc27

2018-10-02 15:03:41

oraclelinux

openssl security update

2018-10-15 00:00:00

openssl security update

2018-10-12 00:00:00

openssl security update

2018-10-12 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 8.11.4-alt1

2018-08-29 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.2p-alt1

2018-08-16 00:00:00

debian

[SECURITY] [DLA 1449-1] openssl security update

2018-07-28 03:56:18

[SECURITY] [DSA 4355-1] openssl1.0 security update

2018-12-19 22:29:59

[SECURITY] [DSA 4348-1] openssl security update

2018-11-30 22:26:20

mageia

Updated openssl packages fix security vulnerabilities

2018-09-02 22:07:30

slackware

[slackware-security] openssl

2018-08-15 00:18:35

redhat

(RHSA-2018:2552) Moderate: Red Hat OpenShift Application Runtimes Node.js 8.11.4 security update

2018-08-22 21:04:23

(RHSA-2018:2553) Moderate: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update

2018-08-22 21:04:25

(RHSA-2019:1297) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

2019-05-30 14:46:40

cloudfoundry

USN-3692-1: OpenSSL vulnerabilities | Cloud Foundry

2018-07-10 00:00:00

ubuntu

OpenSSL vulnerabilities

2018-06-26 00:00:00

OpenSSL vulnerabilities

2018-06-26 00:00:00

paloalto

OpenSSL Vulnerabilities in PAN-OS

2018-10-11 00:00:00

nodejsblog

August 2018 Security Releases

2018-08-11 00:00:00

cloudlinux

Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732

2021-09-21 22:11:57

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.109 Low

EPSS

Percentile

94.2%

JSON

Related for RH:CVE-2018-0732