CVE-2018-0732
Published: 2018-06-12
Priority: P3 (57) · high · CVSS 3.1 base score 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 49.27% (98.7th percentile)
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.1.1-1 (bookworm) | openssl 1.1.1-1 (bookworm) |
| nodejs | node.js | >= 10.0.0 < 10.9.0 | 10.9.0 |
| nodejs | node.js | >= 6.0.0 < 6.8.1 | 6.8.1 |
| nodejs | node.js | >= 6.9.0 < 6.14.4 | 6.14.4 |
| nodejs | node.js | >= 8.0.0 < 8.8.1 | 8.8.1 |
| nodejs | node.js | >= 8.9.0 < 8.11.4 | 8.11.4 |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1 |
| openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1 |
| openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1 |
| openssl | openssl | >= 0 < 1.1.1-1 | 1.1.1-1 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.26 | 1.0.1f-1ubuntu2.26 |
| openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.13 | 1.0.2g-1ubuntu4.13 |
| openssl | openssl | >= 0 < 1.1.0g-2ubuntu4.1 | 1.1.0g-2ubuntu4.1 |
| openssl | openssl | 1.0.2 – 1.0.2o | — |
| openssl | openssl | 1.1.0 – 1.1.0h | — |
| paloalto | pan-os | — | — |
Detection & IOCs (extracted from sources)
- CVE-2018-0732 is exploitable during a TLS handshake using a DH(E)-based ciphersuite: a malicious server sends a very large prime value to the client, causing the client to hang (DoS). Monitor for abnormally long TLS handshake durations or client hangs when connecting to untrusted servers using DHE cipher suites.
- No known public exploits specifically target this vulnerability, reducing active exploitation risk but not eliminating the need for patching and network-level controls.
- Affected OpenSSL versions are 1.1.0 through 1.1.0h (fixed in 1.1.0i-dev) and 1.0.2 through 1.0.2o (fixed in 1.0.2p-dev). Detection/patching scope should target these version ranges.
- The vulnerability is client-side: only clients initiating TLS connections to malicious servers using DHE cipher suites are at risk. Servers are not directly vulnerable.
- Siemens TIM 1531 IRC (all versions prior to v2.2) is a confirmed affected ICS product. ICS environments should prioritize updating to v2.2 or later and restrict network access.
- Red Hat Enterprise Linux 8 openssl package is not affected; RHEL 5, 6, 7 packages are marked 'Will not fix', meaning patching via Red Hat channels may not be available for those versions.
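The mitigation for the behaviour described above is to bound the size of the server-supplied DH modulus before the client spends any time on modular exponentiation. The following is an added example (not OpenSSL's code and not from any advisory on this page): it parses the ServerDHParams structure from a TLS 1.2 ServerKeyExchange and rejects oversized, undersized or malformed parameters up front. The fixed OpenSSL versions enforce a fixed maximum modulus bit length; the 10000-bit cap, the 2048-bit floor and the placeholder modulus used here are assumptions for this example.

```python
"""Reject unreasonable DH parameters from a TLS 1.2 ServerKeyExchange
before the client does any expensive key generation (CVE-2018-0732 class)."""
import struct

# Assumed limits for this example; the page does not state the upstream cap.
MAX_DH_MODULUS_BITS = 10000
MIN_DH_MODULUS_BITS = 2048   # anything smaller is weak regardless of DoS


class DHParamsRejected(ValueError):
    """Raised when ServerDHParams must not be used for key generation."""


def _read_opaque16(buf: bytes, off: int):
    """Read one opaque<1..2^16-1> vector (2-byte big-endian length prefix)."""
    if off + 2 > len(buf):
        raise DHParamsRejected("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise DHParamsRejected("vector length does not fit the message")
    return buf[off:off + n], off + n


def parse_server_dh_params(body: bytes) -> dict:
    """Parse ServerDHParams {dh_p, dh_g, dh_Ys} (RFC 5246 section 7.4.3).

    Size checks run before any use of p, so an oversized modulus costs the
    client only a length comparison instead of a huge modular exponentiation.
    """
    p_raw, off = _read_opaque16(body, 0)
    p = int.from_bytes(p_raw, "big")          # cheap; no arithmetic on p yet
    if p.bit_length() > MAX_DH_MODULUS_BITS:
        raise DHParamsRejected(f"dh_p is {p.bit_length()} bits, over the cap")
    if p.bit_length() < MIN_DH_MODULUS_BITS:
        raise DHParamsRejected(f"dh_p is {p.bit_length()} bits, too small")
    g_raw, off = _read_opaque16(body, off)
    ys_raw, off = _read_opaque16(body, off)
    g = int.from_bytes(g_raw, "big")
    ys = int.from_bytes(ys_raw, "big")
    if not (1 < ys < p - 1):                  # reject trivial public values
        raise DHParamsRejected("dh_Ys out of range")
    return {"p": p, "g": g, "Ys": ys}


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build a ServerDHParams blob; used here only to construct sample input."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def client_accepts(body: bytes) -> bool:
    """True if a client applying these checks would proceed to key generation."""
    try:
        parse_server_dh_params(body)
        return True
    except DHParamsRejected:
        return False
```

The placeholder modulus `(1 << 2047) | 1` used in the checks is a constructed value for size testing only, not a real DH group; primality and group-order validation are outside what this example covers.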
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 4.7 | MEDIUM | — |
CISA ICS
Siemens TIM 1531 IRC
cisa_ics·2021-06-08·CVSS 7.5
[HIGH] Siemens TIM 1531 IRC
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Siemens TIM 1531 IRC
Last RevisedJune 08, 2021
Alert CodeICSA-21-159-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: TIM 1531 IRC
- Vulnerability: Uncontrolled Resource Consumption
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
- TIM 1531 IRC (incl. SIPLUS NET variants): All versions prior to v2.2
## 3.2 VUL
Palo Alto
PAN-SA-2018-0015 OpenSSL Vulnerabilities in PAN-OS
vendor_paloalto·2018-10-12·CVSS 7.5
CVE-2018-0732 [HIGH] CWE-320 PAN-SA-2018-0015 OpenSSL Vulnerabilities in PAN-OS
PAN-SA-2018-0015 OpenSSL Vulnerabilities in PAN-OS
The OpenSSL library has been found to contain vulnerabilities CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739. Palo Alto Networks software makes use of the vulnerable library and is
CVEs: CVE-2018-0732, CVE-2018-0737, CVE-2018-0739
Affected products: PAN-OS
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2018-06-26·CVSS 4.7
CVE-2018-0495 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key
generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)
Guido Vranken discovered that OpenSSL incorrectly handled very large prime
values during a key agreement. A remote attacker could possibly use this
issue to consume resources, leading to a denial of service. (CVE-2018-0732)
Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis
Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key
generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private RSA keys. (CVE-2018-0737)
Instru
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2018-06-26·CVSS 4.7
CVE-2018-0495 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
USN-3692-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key
generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)
Guido Vranken discovered that OpenSSL incorrectly handled very large prime
values during a key agreement. A remote attacker could possibly use this
issue to consume resources, leading to a denial of service. (CVE-2018-0732)
Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis
Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA ke
Red Hat
openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
vendor_redhat·2018-06-12·CVSS 7.5
CVE-2018-0732 [HIGH] CWE-325 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
Package: openssl (Red Hat Enterprise Linux 5) - Will not fix
Package: openssl097a (Red Hat Enterprise Linux 5) - Will not fix
Package: openssl (Red Hat Enterprise Linux 6) - Will not fix
Package: openssl098e (Red Hat Enterprise
Debian
CVE-2018-0732: openssl - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malici...
vendor_debian·2018·CVSS 7.5
CVE-2018-0732 [HIGH] CVE-2018-0732: openssl - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malici...
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
Scope: local
bookworm: resolved (fixed in 1.1.1-1)
bullseye: resolved (fixed in 1.1.1-1)
forky: resolved (fixed in 1.1.1-1)
sid: resolved (fixed in 1.1.1-1)
trixie: resolved (fixed in 1.1.1-1)
GHSA
GHSA-497c-86pp-222m: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client
ghsa_unreviewed·2022-05-13
CVE-2018-0732 [HIGH] GHSA-497c-86pp-222m: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
OSV
openssl, openssl1.0 vulnerabilities
osv·2018-06-26·CVSS 4.7
CVE-2018-0495 [MEDIUM] openssl, openssl1.0 vulnerabilities
openssl, openssl1.0 vulnerabilities
Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key
generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)
Guido Vranken discovered that OpenSSL incorrectly handled very large prime
values during a key agreement. A remote attacker could possibly use this
issue to consume resources, leading to a denial of service. (CVE-2018-0732)
Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis
Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key
generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private RSA keys. (CVE-2018-0737)
OSV
CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client
osv·2018-06-12·CVSS 7.5
CVE-2018-0732 [HIGH] CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
No detection rules found.
No public exploits indexed.
HackerOne
Client DoS due to large DH parameter (CVE-2018-0732)
hackerone·2018-09-20·CVSS 7.5
CVE-2018-0732 [HIGH] Client DoS due to large DH parameter (CVE-2018-0732)
Client DoS due to large DH parameter (CVE-2018-0732)
https://www.openssl.org/news/secadv/20180612.txt
```
OpenSSL Security Advisory [12 June 2018]
Client DoS due to large DH parameter (CVE-2018-0732)
Severity: Low
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a key
for this prime resulting in a hang until the client has finished. This could be
exploited in a Denial Of Service attack.
Due to the low severity of this issue we are not issuing a new release of
OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i
and OpenSSL 1.0.2p when they become available. The fix is also available in
```
Bugzilla
CVE-2018-0732 mingw-openssl: openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang [fedora-all]
bugzilla·2018-06-14·CVSS 7.5
CVE-2018-0732 [HIGH] CVE-2018-0732 mingw-openssl: openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang [fedora-all]
CVE-2018-0732 mingw-openssl: openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
f
Bugzilla
CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
bugzilla·2018-06-14·CVSS 7.5
CVE-2018-0732 [HIGH] CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
OpenSSL versions 1.1.0 to 1.1.0h and 1.0.2 to 1.0.2o allow malicious servers to send very large primes to a client during DH(E) based TLS handshakes. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.
External Reference:
https://www.openssl.org/news/secadv/20180612.txt
Upstream Patches:
https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4
https://github.com/openssl/openssl/commit/3984ef0b72831da8b3ece4745cac4f8575b19098
Discussion:
Created mingw-openssl tracking bugs for t
Bugzilla
CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang [fedora-all]
bugzilla·2018-06-14·CVSS 7.5
CVE-2018-0732 [HIGH] CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang [fedora-all]
CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit me