The vulnerability of the Diffie-Hellman Key Exchange (DHE) protocol, which is related to uncontrolled resource consumption, allows a attacker to cause a service failure.

The vulnerability of the Diffie-Hellman Key Exchange DHE protocol is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service interruptions...

CVE-2024-20069

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Iss...

CVE-2024-54847

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman DH parameters and access sensitive data or execute a man-in-the-middle attack...

CVE-2023-28113

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

CVE-2022-40735

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...

CVE-2002-20001

The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...

kernel: nvmet-auth: assign dh_key to NULL after kfree_sensitive

In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...

Linux Distros Unpatched Vulnerability : CVE-2024-41996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the clie...

Linux Distros Unpatched Vulnerability : CVE-2020-1968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have...

Linux Distros Unpatched Vulnerability : CVE-2011-5095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier...

DEBIAN-CVE-2022-49564

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linea...

UBUNTU-CVE-2022-49564

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linea...

CVE-2022-49564 crypto: qat - add param check for DH

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linea...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from insufficient checking of the DH parameter, which could lead to an integer underflow...

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol bsc1230698. CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installatio...

SUSE-SU-2025:20081-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol bsc1230698. - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262...

CVE-2024-54847

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman DH parameters and access sensitive data or execute a man-in-the-middle attack...

CVE-2024-54847

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman DH parameters and access sensitive data or execute a man-in-the-middle attack...

CVE-2024-54847

Technical details for CVE-2024-54847 are not publicly disclosed in the provided connected documents. Monitor for updates.