OpenSSL CVE-2018-0732 Denial of Service Vulnerability
BID:104442
CVE-2018-732 |Info
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
| Bugtraq ID: | 104442 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2018-0732 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 12 2018 12:00AM |
| Updated: | Jul 17 2019 09:00AM |
| Credit: | Guido Vranken. |
| Vulnerable: |
Tenable Nessus 7.2.1 Tenable Nessus 7.2 Tenable Nessus 7.1.3 Tenable Nessus 7.1.2 Tenable Nessus 7.1.1 Tenable Nessus 7.1 Tenable Nessus 6.9.3 Tenable Nessus 6.9 Tenable Nessus 6.8 Tenable Nessus 6.7 Tenable Nessus 6.6.2 Tenable Nessus 6.6.1 Tenable Nessus 6.6 Tenable Nessus 6.5.6 Tenable Nessus 6.5.5 Tenable Nessus 6.5.4 Tenable Nessus 6.5.3 Tenable Nessus 6.5.2 Tenable Nessus 6.5.1 Tenable Nessus 6.5 Tenable Nessus 6.4.3 Tenable Nessus 6.4.2 Tenable Nessus 6.4.1 Tenable Nessus 6.4 Tenable Nessus 6.3.7 Tenable Nessus 6.3.6 Tenable Nessus 6.3.5 Tenable Nessus 6.3.4 Tenable Nessus 6.3.3 Tenable Nessus 6.3.2 Tenable Nessus 6.3.1 Tenable Nessus 6.3 Tenable Nessus 6.2.1 Tenable Nessus 6.2 Tenable Nessus 6.1.2 Tenable Nessus 6.1.1 Tenable Nessus 6.1 Tenable Nessus 6.0.2 Tenable Nessus 6.0.1 Tenable Nessus 6.0 Tenable Nessus 7.0 Tenable Nessus 6.9.2 Tenable Nessus 6.9.1 Paloaltonetworks WF-500 0 Paloaltonetworks PAN-OS 8.1.3 Paloaltonetworks PAN-OS 8.1.2 Paloaltonetworks PAN-OS 8.1.1 Paloaltonetworks PAN-OS 8.1 Paloaltonetworks PAN-OS 8.0.12 Paloaltonetworks PAN-OS 8.0.9 Paloaltonetworks PAN-OS 8.0.8 Paloaltonetworks PAN-OS 8.0.2 Paloaltonetworks PAN-OS 8.0.1 Paloaltonetworks PAN-OS 7.1.19 Paloaltonetworks PAN-OS 7.1.16 Paloaltonetworks PAN-OS 7.1.12 Paloaltonetworks PAN-OS 7.1.11 Paloaltonetworks PAN-OS 7.1.9 Paloaltonetworks PAN-OS 7.1.5 Paloaltonetworks PAN-OS 7.1.4 Paloaltonetworks PAN-OS 7.1.3 Paloaltonetworks PAN-OS 7.1.2 Paloaltonetworks PAN-OS 7.1.1 Paloaltonetworks PAN-OS 7.1 Paloaltonetworks PAN-OS 6.1.18 Paloaltonetworks PAN-OS 6.1.16 Paloaltonetworks PAN-OS 6.1.15 Paloaltonetworks PAN-OS 6.1.14 Paloaltonetworks PAN-OS 6.1.12 Paloaltonetworks PAN-OS 6.1.11 Paloaltonetworks PAN-OS 6.1.10 Paloaltonetworks PAN-OS 6.1.9 Paloaltonetworks PAN-OS 6.1.4 Paloaltonetworks PAN-OS 6.1.3 Paloaltonetworks PAN-OS 8.0.7 Paloaltonetworks PAN-OS 8.0.6 Paloaltonetworks PAN-OS 8.0.5 Paloaltonetworks PAN-OS 8.0.4 Paloaltonetworks PAN-OS 8.0.3 Paloaltonetworks PAN-OS 8.0.11 Paloaltonetworks PAN-OS 8.0.10 Paloaltonetworks PAN-OS 7.1.8 Paloaltonetworks PAN-OS 7.1.7 Paloaltonetworks PAN-OS 7.1.6 Paloaltonetworks PAN-OS 7.1.18 Paloaltonetworks PAN-OS 7.1.17 Paloaltonetworks PAN-OS 7.1.14 Paloaltonetworks PAN-OS 7.1.13 Paloaltonetworks PAN-OS 7.1.10 Paloaltonetworks PAN-OS 6.1.20 Paloaltonetworks PAN-OS 6.1.2 Paloaltonetworks PAN-OS 6.1.19 Paloaltonetworks PAN-OS 6.1.17 Paloaltonetworks PAN-OS 6.1.13 Oracle Tuxedo 12.1.1.0 Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 Oracle Primavera P6 Enterprise Project Portfolio Management 17.7 Oracle Primavera P6 Enterprise Project Portfolio Management 17.12 Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 Oracle PeopleSoft Enterprise PeopleTools 8.57 Oracle PeopleSoft Enterprise PeopleTools 8.56 Oracle PeopleSoft Enterprise PeopleTools 8.55 Oracle OSS Support Tools 2.11.33 Oracle OSS Support Tools 2.11 Oracle OSS Support Tools 8.9.15.9.8 Oracle OSS Support Tools 8.8.15.7.15 Oracle OSS Support Tools 8.15.17.3.14 Oracle OSS Support Tools 19.0 Oracle OSS Support Tools 18.4 Oracle OSS Support Tools 18.3 Oracle OSS Support Tools 18.2 Oracle MySQL Workbench 8.0.13 Oracle MySQL Workbench 8.0.11 Oracle MySQL Workbench 6.3.10 Oracle MySQL Workbench 6.3.8 Oracle MySQL Workbench 6.1.5 Oracle MySQL Workbench 6.1.4 Oracle MySQL Enterprise Monitor 8.0.13 Oracle MySQL Enterprise Monitor 4.0.7 Oracle MySQL Enterprise Monitor 8.0.2.8191 Oracle MySQL Enterprise Monitor 8.0.0.8131 Oracle MySQL Enterprise Monitor 4.0.6.5281 Oracle MySQL Enterprise Monitor 4.0.4.5235 Oracle MySQL Enterprise Monitor 4.0.2.5168 Oracle MySQL Enterprise Monitor 4.0.0.5135 Oracle Linux 7 Oracle Linux 6.0 Oracle JD Edwards World Security A9.4 Oracle JD Edwards World Security A9.3.1 Oracle JD Edwards World Security A9.3 Oracle JD Edwards EnterpriseOne Tools 9.2 Oracle Enterprise Session Border Controller E-CZ8.1.0 Oracle Enterprise Session Border Controller E-CZ8.0.0 Oracle Enterprise Session Border Controller E-CZ7.5.0 Oracle Enterprise Session Border Controller E-CZ7.4.0 Oracle Enterprise Manager Ops Center 12.3.3 Oracle Enterprise Manager Ops Center 12.2.2 Oracle Enterprise Manager Base Platform 13.3 Oracle Enterprise Manager Base Platform 13.2 Oracle Enterprise Manager Base Platform 12.1.0.5 Oracle Enterprise Communications Broker P-CZ3.0.0 Oracle Enterprise Communications Broker P-CZ2.2.0 Oracle Enterprise Communications Broker P-CZ2.1.0 Oracle Endeca Server 7.7.0 Oracle Communications WebRTC Session Controller 7.1 Oracle Communications WebRTC Session Controller 7.0 Oracle Communications Unified Session Manager 7.3.5 Oracle Communications Session Border Controller SCz8.1.0 Oracle Communications Session Border Controller SCz8.0.0 Oracle Communications Session Border Controller SCz7.4.1 Oracle Communications Session Border Controller SCZ7.4.0 Oracle Communications Operations Monitor 4.0 Oracle Communications Operations Monitor 3.4 Oracle Communications EAGLE LNP Application Processor 10.2 Oracle Communications EAGLE LNP Application Processor 10.1 Oracle Communications EAGLE LNP Application Processor 10.0 Oracle Communications Diameter Signaling Router 8.3 Oracle Communications Diameter Signaling Router 8.2 Oracle Communications Diameter Signaling Router 8.1 Oracle Communications Diameter Signaling Router 8.0 Oracle Communications Application Session Controller 3.8 Oracle Communications Application Session Controller 3.7.1 Oracle API Gateway 11.1.2.4.0 Oracle Agile Engineering Data Management 6.2.1 Oracle Agile Engineering Data Management 6.2 Oracle Agile Engineering Data Management 6.1.3 OpenSSL Project OpenSSL 1.1 OpenSSL Project OpenSSL 1.0.2 OpenSSL Project OpenSSL 1.1.0h OpenSSL Project OpenSSL 1.1.0g OpenSSL Project OpenSSL 1.1.0f OpenSSL Project OpenSSL 1.1.0e OpenSSL Project OpenSSL 1.1.0d OpenSSL Project OpenSSL 1.1.0c OpenSSL Project OpenSSL 1.1.0b OpenSSL Project OpenSSL 1.1.0a OpenSSL Project OpenSSL 1.0.2o OpenSSL Project OpenSSL 1.0.2n OpenSSL Project OpenSSL 1.0.2m OpenSSL Project OpenSSL 1.0.2l OpenSSL Project OpenSSL 1.0.2k OpenSSL Project OpenSSL 1.0.2j OpenSSL Project OpenSSL 1.0.2i OpenSSL Project OpenSSL 1.0.2h OpenSSL Project OpenSSL 1.0.2g OpenSSL Project OpenSSL 1.0.2f OpenSSL Project OpenSSL 1.0.2e OpenSSL Project OpenSSL 1.0.2d OpenSSL Project OpenSSL 1.0.2c OpenSSL Project OpenSSL 1.0.2b OpenSSL Project OpenSSL 1.0.2a |
| Not Vulnerable: |
Tenable Nessus 8.0 Paloaltonetworks PAN-OS 8.1.4 Paloaltonetworks PAN-OS 8.0.14 Paloaltonetworks PAN-OS 7.1.21 Oracle OSS Support Tools 19.1 Oracle Communications WebRTC Session Controller 7.2 OpenSSL Project OpenSSL 1.1.0i-dev OpenSSL Project OpenSSL 1.1.0i OpenSSL Project OpenSSL 1.0.2p-dev OpenSSL Project OpenSSL 1.0.2p |
Discussion
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
OpenSSL is prone to denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition.
OpenSSL is prone to denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition.
Exploit / POC
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
References:
References:
- Reject excessively large primes in DH key generation. (OpenSSL)
- OpenSSL Homepage (OpenSSL)
- Client DoS due to large DH parameter (CVE-2018-0732) (OpenSSL)
- Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities (Tenable)
- OpenSSL 1.0.2 Series Release Notes (OpenSSL)
- OpenSSL 1.1.0 Series Release Notes (OpenSSL)
- OpenSSL vulnerabilities (OpenSSL)
- OpenSSL Vulnerabilities in PAN-OS (PAN-SA-2018-0015) (Palo Alto Networks)
- Oracle Critical Patch Update Advisory - April 2019 (Oracle)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)
- Oracle Critical Patch Update Advisory - July 2019 (Oracle)
- Oracle Critical Patch Update Advisory - October 2018 (Oracle)
- Oracle Linux Bulletin - October 2018 (Oracle)