CVE-2018-0732
published 2018-06-12


Priority: P3 57 · CVSS 3.1: 7.5 (high), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 49.27% (98.7th percentile)
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
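The defensive counterpart to the description above is to bound the size of the server-supplied DH prime before the client starts its own key generation, since that key generation is the expensive step. The following is an added example, not OpenSSL's fix or code from this page: it parses the TLS 1.2 ServerDHParams structure (2-byte length-prefixed dh_p, dh_g, dh_Ys per RFC 5246) and rejects out-of-range primes; the 10,000-bit ceiling and 2048-bit floor are assumed policy values, not figures taken from this page.

```python
"""Client-side guard against the oversized-DH-prime hang in CVE-2018-0732.
Added example, not OpenSSL's or this page's code. ServerDHParams layout
(2-byte length-prefixed dh_p, dh_g, dh_Ys) follows RFC 5246; the bit-length
ceiling and floor are assumed policy values, not figures from this page."""
import struct

MAX_DH_MODULUS_BITS = 10000  # assumed ceiling: refuse keygen above this size
MIN_DH_MODULUS_BITS = 2048   # assumed floor for a modern client

def _read_opaque16(buf, off):
    """Read one 'opaque <1..2^16-1>' field: 2-byte big-endian length + body."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("empty or truncated field body")
    return buf[off:off + n], off + n

def parse_server_dh_params(body):
    """Parse ServerDHParams {dh_p, dh_g, dh_Ys} from a ServerKeyExchange body."""
    p, off = _read_opaque16(body, 0)
    g, off = _read_opaque16(body, off)
    ys, _ = _read_opaque16(body, off)
    return {"p_bits": int.from_bytes(p, "big").bit_length(),
            "g": int.from_bytes(g, "big"), "ys_len": len(ys)}

def check_dh_params(body):
    """Return (accept, reason), decided before any modular exponentiation:
    the costly step in CVE-2018-0732 is the client's own key generation."""
    try:
        params = parse_server_dh_params(body)
    except ValueError as exc:
        return False, "malformed ServerDHParams: %s" % exc
    bits = params["p_bits"]
    if bits > MAX_DH_MODULUS_BITS:
        return False, "dh_p is %d bits, above ceiling %d" % (bits, MAX_DH_MODULUS_BITS)
    if bits < MIN_DH_MODULUS_BITS:
        return False, "dh_p is %d bits, below floor %d" % (bits, MIN_DH_MODULUS_BITS)
    if params["g"] < 2:
        return False, "dh_g must be at least 2"
    return True, "dh_p is %d bits" % bits

def build_server_dh_params(p_bits, g=2):
    """Constructed test input: an odd dh_p of exactly p_bits bits (not a real
    prime; only its length matters here), dh_g, and a dummy dh_Ys."""
    p_bytes = ((1 << (p_bits - 1)) | 1).to_bytes((p_bits + 7) // 8, "big")
    fields = [p_bytes, g.to_bytes(1, "big"), b"\x01" * len(p_bytes)]
    return b"".join(struct.pack("!H", len(f)) + f for f in fields)
```

A 16384-bit dh_p is rejected with no modular arithmetic performed, which is the property a patched client relies on; the same parser also catches truncated or empty fields that a hostile server might send.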

Affected

24 ranges

Vendor | Product | Version range | Fixed in
canonical | ubuntu_linux | - | -
canonical | ubuntu_linux | - | -
canonical | ubuntu_linux | - | -
canonical | ubuntu_linux | - | -
canonical | ubuntu_linux | - | -
debian | debian_linux | - | -
debian | openssl | < openssl 1.1.1-1 (bookworm) | openssl 1.1.1-1 (bookworm)
nodejs | node.js | >= 10.0.0 < 10.9.0 | 10.9.0
nodejs | node.js | >= 6.0.0 < 6.8.1 | 6.8.1
nodejs | node.js | >= 6.9.0 < 6.14.4 | 6.14.4
nodejs | node.js | >= 8.0.0 < 8.8.1 | 8.8.1
nodejs | node.js | >= 8.9.0 < 8.11.4 | 8.11.4
openssl | openssl | - | -
openssl | openssl | - | -
openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1
openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1
openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1
openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1
openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.26 | 1.0.1f-1ubuntu2.26
openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.13 | 1.0.2g-1ubuntu4.13
openssl | openssl | >= 0 < 1.1.0g-2ubuntu4.1 | 1.1.0g-2ubuntu4.1
openssl | openssl | 1.0.2 – 1.0.2o | -
openssl | openssl | 1.1.0 – 1.1.0h | -
paloalto | pan-os | - | -

Detection & IOCs (extracted from sources)

  • CVE-2018-0732 is exploitable during a TLS handshake using a DH(E)-based ciphersuite: a malicious server sends a very large prime value to the client, causing the client to hang (DoS). Monitor for abnormally long TLS handshake durations or client hangs when connecting to untrusted servers using DHE cipher suites.
  • No known public exploits specifically target this vulnerability, reducing active exploitation risk but not eliminating the need for patching and network-level controls.
  • Affected OpenSSL versions are 1.1.0 through 1.1.0h (fixed in 1.1.0i-dev) and 1.0.2 through 1.0.2o (fixed in 1.0.2p-dev). Detection/patching scope should target these version ranges.
  • The vulnerability is client-side: only clients initiating TLS connections to malicious servers using DHE cipher suites are at risk. Servers are not directly vulnerable.
  • Siemens TIM 1531 IRC (all versions prior to v2.2) is a confirmed affected ICS product. ICS environments should prioritize updating to v2.2 or later and restrict network access.
  • Red Hat Enterprise Linux 8 openssl package is not affected; RHEL 5, 6, 7 packages are marked 'Will not fix', meaning patching via Red Hat channels may not be available for those versions.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P
osv | - | 7.5 | HIGH | -
vendor_debian | - | 7.5 | LOW | -
vendor_redhat | - | 7.5 | HIGH | -
vendor_ubuntu | - | 4.7 | MEDIUM | -