|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-0732
|Vulnerable software versions||
Gentoo Linux -
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.Remediation
Update the affected packages.
dev-libs/openssl to version: 1.0.2o-r6