|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-0732
|Public exploit||Not available|
|Vulnerable software versions||
|Vendor URL||OpenSSL Software Foundation|
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.Remediation
The vendor has issued a source code fix in commit ea7abeeab (for 1.1.0) and commit 3984ef0b7 (for 1.0.2).
The fix will be included in future versions 1.1.0i and 1.0.2p.