CVE-2020-1118 — Microsoft Windows vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

11.3%

top 6.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +7 more

Timeline

PublishedMay 21

Latest updateMay 24

Description

A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶CVEListV5microsoft/windows9 versions+8

▶NVDmicrosoft/windows1903, 1909+1

▶NVDmicrosoft/windows_105 versions+4

▶CVEListV5microsoft/windows_server2019, 2019 (Core installation), version 1803 (Core Installation)+2

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-jgvh-pmp6-rc4h: A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchan↗2022-05-24

▶

CVEList

CVE-2020-1118: A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchan↗2020-05-21

▶

📋Vendor Advisories

Microsoft

Microsoft Windows Transport Layer Security Denial of Service Vulnerability↗2020-05-12

▶

💬Community

Bugzilla

CVE-2018-16750 ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c↗2018-09-11

▶