CVE-2018-0732

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2018-0732
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2018-06-12 13:29:00 UTC
Updated2023-11-07 02:51:00 UTC
DescriptionDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Risk And Classification

Problem Types: CWE-320

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Canonical Ubuntu Linux 12.04 All All All
Operating System Canonical Ubuntu Linux 14.04 All All All
Operating System Canonical Ubuntu Linux 16.04 All All All
Operating System Canonical Ubuntu Linux 17.10 All All All
Operating System Canonical Ubuntu Linux 18.04 All All All
Operating System Canonical Ubuntu Linux 12.04 All All All
Operating System Canonical Ubuntu Linux 14.04 All All All
Operating System Canonical Ubuntu Linux 16.04 All All All
Operating System Canonical Ubuntu Linux 17.10 All All All
Operating System Canonical Ubuntu Linux 18.04 All All All
Operating System Debian Debian Linux 8.0 All All All
Operating System Debian Debian Linux 8.0 All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js All All All All
Application Openssl Openssl All All All All
Application Openssl Openssl All All All All

References

ReferenceSourceLinkTags
Red Hat Customer Portal REDHAT access.redhat.com
January 2019 MySQL Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
[SECURITY] Fedora 30 Update: compat-openssl10-1.0.2o-7.fc30 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Red Hat Customer Portal REDHAT access.redhat.com
git.openssl.org Git - openssl.git/commitdiff git.openssl.org
[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® CONFIRM www.tenable.com
Red Hat Customer Portal REDHAT access.redhat.com
[SECURITY] Fedora 31 Update: compat-openssl10-1.0.2o-8.fc31 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 30 Update: compat-openssl10-1.0.2o-7.fc30 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® CONFIRM www.tenable.com
[SECURITY] Fedora 29 Update: compat-openssl10-1.0.2o-7.fc29 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities - Security Advisory | Tenable® CONFIRM www.tenable.com
www.openssl.org/news/secadv/20180612.txt CONFIRM www.openssl.org Vendor Advisory
Debian -- Security Information -- DSA-4348-1 openssl DEBIAN www.debian.org
PAN-SA-2018-0015 OpenSSL Vulnerabilities in PAN-OS CONFIRM securityadvisories.paloaltonetworks.com
[SECURITY] [DLA 1449-1] openssl security update MLIST lists.debian.org Third Party Advisory
Red Hat Customer Portal REDHAT access.redhat.com
Red Hat Customer Portal REDHAT access.redhat.com
OpenSSL DH Parameter Processing Lets Remote Servers Deny Service on Connected Clients - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® CONFIRM www.tenable.com
git.openssl.org Git - openssl.git/commitdiff CONFIRM git.openssl.org Patch, Third Party Advisory
[SECURITY] Fedora 29 Update: compat-openssl10-1.0.2o-7.fc29 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Oracle Critical Patch Update - January 2019 CONFIRM www.oracle.com
OpenSSL CVE-2018-0732 Denial of Service Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
Red Hat Customer Portal REDHAT access.redhat.com
Oracle Critical Patch Update - July 2019 MISC www.oracle.com
CVE-2018-0732 OpenSSL Vulnerability in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
git.openssl.org Git - openssl.git/commitdiff CONFIRM git.openssl.org Patch, Third Party Advisory
git.openssl.org Git - openssl.git/commitdiff git.openssl.org
cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf CONFIRM cert-portal.siemens.com
[SECURITY] Fedora 31 Update: compat-openssl10-1.0.2o-8.fc31 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
August 2018 Security Releases | Node.js CONFIRM nodejs.org
USN-3692-1: OpenSSL vulnerabilities | Ubuntu security notices UBUNTU usn.ubuntu.com Third Party Advisory
Debian -- Security Information -- DSA-4355-1 openssl1.0 DEBIAN www.debian.org
CPU Oct 2018 CONFIRM www.oracle.com
OpenSSL: Denial of Service (GLSA 201811-03) — Gentoo security GENTOO security.gentoo.org
Oracle Critical Patch Update - October 2019 MISC www.oracle.com
Red Hat Customer Portal REDHAT access.redhat.com
Oracle Critical Patch Update Advisory - April 2020 N/A www.oracle.com
Oracle Critical Patch Update Advisory - January 2021 MISC www.oracle.com
USN-3692-2: OpenSSL vulnerabilities | Ubuntu security notices UBUNTU usn.ubuntu.com Third Party Advisory
Oracle Critical Patch Update Advisory - April 2019 MISC www.oracle.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Guido Vranken

Legacy QID Mappings

  • 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
  • 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
  • 500368 Alpine Linux Security Update for libressl
  • 590699 Siemens TIM 1531 IRC Vulnerability (ICSA-21-159-08)
  • 591115 ABB Relion 670 series and Relion 650 series Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (ABBVU-PGGA-1MRG032388)
  • 670784 EulerOS Security Update for shim (EulerOS-SA-2021-2542)
  • 670808 EulerOS Security Update for shim (EulerOS-SA-2021-2566)
  • 690588 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (c82ecac5-6e3f-11e8-8777-b499baebfeaf)
  • 710295 Gentoo Linux Open Secure Sockets Layer Denial of service Vulnerability (GLSA 201811-03)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report