|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-0732
|Public exploit||Not available|
|Vulnerable software versions||
|Vendor URL||OpenSSL Software Foundation|
Update 2018-08-14: The vendor has issued fixes with official releases of 1.0.2p and 1.1.0i.
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.Remediation
Update to versions 1.1.0i or 1.0.2p.External links