CVE-2018-0732

{"id": "CVE-2018-0732", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-12T13:29:00.207", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "http://www.securityfocus.com/bid/104442", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "http://www.securitytracker.com/id/1041090", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2552", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2553", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3221", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3505", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1296", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1297", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1543", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3984ef0b72831da8b3ece4745cac4f8575b19098", "source": "openssl-security@openssl.org"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ea7abeeabf92b7aca160bdd0208636d4da69f4f4", "source": "openssl-security@openssl.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "source": "openssl-security@openssl.org"}, {"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "tags": ["Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://security.gentoo.org/glsa/201811-03", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20181105-0001/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190118-0002/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3692-1/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3692-2/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2018/dsa-4348", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2018/dsa-4355", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.openssl.org/news/secadv/20180612.txt", "tags": ["Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-12", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-13", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-14", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-17", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-320"}]}], "descriptions": [{"lang": "en", "value": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."}, {"lang": "es", "value": "Durante los acuerdos de clave en un handshake TLS mediante un conjunto de cifrado basado en DH(E), un servidor malicioso puede enviar un valor primo muy grande al cliente. Esto provocar\u00e1 que el cliente gaste una cantidad de tiempo demasiado grande generando una clave para este primo, lo que resulta en un bloqueo hasta que termine el cliente. Esto podr\u00eda explotarse en un ataque de Denegaci\u00f3n de servicio (DoS). Se ha solucionado en OpenSSL 1.1.0i-dev (afecta a 1.1.0-1.1.0h). Se ha solucionado en OpenSSL 1.0.2p-dev (afecta a 1.0.2-1.0.2o)."}], "lastModified": "2023-11-07T02:51:04.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DADB202-4A40-4A12-9CEA-F7BD4529F002", "versionEndIncluding": "1.0.2o", "versionStartIncluding": "1.0.2"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF986111-5DDB-4BC8-AF03-14626778AB23", "versionEndIncluding": "1.1.0h", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "344E262B-2C2F-42B4-B6BF-56ECC9792F37", "versionEndExcluding": "6.8.1", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "2D7B18CD-B613-47B1-84AB-E63CC8C217C4", "versionEndExcluding": "6.14.4", "versionStartIncluding": "6.9.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F2A7041F-CF80-4FB3-9A45-1C454BEFF0D1", "versionEndExcluding": "8.8.1", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "2F1E356E-A599-4741-BD5C-B6CD8C23F8F1", "versionEndExcluding": "8.11.4", "versionStartIncluding": "8.9.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "BD090ABA-35A0-4884-B811-F2681DCDE777", "versionEndExcluding": "10.9.0", "versionStartIncluding": "10.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "openssl-security@openssl.org"}