9 matches found
CVE-2026-21895
The CVE-2026-21895 entry concerns the rsa crate (Rust) where constructing an RSA private key from components panics if one of the primes equals 1 in versions prior to 0.9.10. The issue is resolved in 0.9.10. Connected sources confirm the affected component (rsa crate) and the fix version, with no...
CVE-2018-0732. Client DoS due to large DH parameter.
During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...
Crypto++ 加密问题漏洞
Crypto++ is a C++ cryptographic method library A security vulnerability exists in Crypto++ 8.5 and earlier versions, which stems from the fact that a certain dangerous combination of a prime number defined by the receiver's public key, a generator defined by the receiver's public key, and a...
Junos OS: OpenSSL Security Advisories [16 Apr 2018] and [12 June 2018] (JSA10919)
According to its self-reported version number, the remote Juniper Junos device is affected by a multiple vulnerabilities: - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend...
Code injection
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 in 4.0.x series and versions prior to 4.1.6.2 in 4.1.x series contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service DoS on TLS clients during the handshake when a very large prime value is se...
SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:2683-1)
This update for compat-openssl098 fixes the following security issues : CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of ti...
OpenSSL 1.0.2 < 1.0.2p Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2p. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2p advisory. - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the...
openSUSE: Security Advisory for openssl (openSUSE-SU-2018:1906-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2018-0732 Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...