Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-0732
HistoryJun 12, 2018 - 12:00 a.m.

CVE-2018-0732

2018-06-1200:00:00
ubuntu.com
ubuntu.com
18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.048

Percentile

92.9%

During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack. Fixed in OpenSSL
1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected
1.0.2-1.0.2o).

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchopenssl< 1.0.2g-1ubuntu13.6UNKNOWN
ubuntu18.04noarchopenssl< 1.1.0g-2ubuntu4.1UNKNOWN
ubuntu18.10noarchopenssl< 1.1.0g-2ubuntu5UNKNOWN
ubuntu19.04noarchopenssl< 1.1.0g-2ubuntu5UNKNOWN
ubuntu14.04noarchopenssl< 1.0.1f-1ubuntu2.26UNKNOWN
ubuntu16.04noarchopenssl< 1.0.2g-1ubuntu4.13UNKNOWN
ubuntu18.04noarchopenssl1.0< 1.0.2n-1ubuntu5.1UNKNOWN
ubuntu18.10noarchopenssl1.0< 1.0.2n-1ubuntu6UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.048

Percentile

92.9%