Denial of service in OpenSSL

Published: 2018-06-13 11:26:36 | Updated: 2018-08-14
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-0732
Exploitation vector Network
Public exploit N/A
Vulnerable software OpenSSL
Vulnerable software versions OpenSSL 1.1.0h
OpenSSL 1.1.0g
OpenSSL 1.1.0f

Show more

Vendor URL OpenSSL Software Foundation

Security Advisory

Update 2018-08-14: The vendor has issued fixes with official releases of 1.0.2p and 1.1.0i.

1) Improper input validation


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.


Update to versions 1.1.0i or 1.0.2p.

External links

Back to List