Home

CVE-2018-0732

Description

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
79.399

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-0732,CVE-2018-0737 are fixed in OpenSSL (x64) 1.0.2pWindows
Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0737 are fixed in OpenSSL (x64) 1.1.0iWindows
Multiple vulnerabilities are fixed in Oracle VM VirtualBox (5.2.20)Windows
Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 10 (10.24.1)Windows
Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 10 (x64) (10.24.1)Windows
Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 8 8.11.4Windows
Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 8 (x64) 8.11.4Windows
Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 6.14.4Windows
Vulnerabilities CVE-2018-0732,CVE-2018-10933 are affected in MySQL Workbench Enterprise Edition 8.0.13Windows
Vulnerabilities CVE-2018-0732,CVE-2018-10933 are affected in MySQL Workbench CE (x64) 8.0.13Windows
Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Nessus 7.1.4Windows
Vulnerabilities CVE-2018-0732,CVE-2018-0737 are fixed in Nessus 8.0.0Windows
Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Tenable Nessus 7.1.4Windows
Vulnerabilities CVE-2018-0732,CVE-2018-0737 are fixed in Tenable Nessus 8.0.0Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.55Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.4Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Windows
Vulnerabilities CVE-2016-1000031,CVE-2018-0732,CVE-2018-0734,CVE-2018-19362,CVE-2019-2512 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 17.12Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 18.8Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0Windows
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.1_1.1.0g-2ubuntu4.1_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.1_1.1.0g-2ubuntu4.1_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2n-1ubuntu5.1_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2n-1ubuntu5.1_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.1f-1ubuntu2.26_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.1f-1ubuntu2.26_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu13.6_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu13.6_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu4.13_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu4.13_amd64.debLinux
openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_i386.debLinux
openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_amd64.debLinux
SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) compat-openssl098-debugsource-0.9.8j-106.6.1.x86_64.rpmLinux
SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-0.9.8j-106.6.1.x86_64.rpmLinux
SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64.rpmLinux
SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-0.9.8j-106.6.1.x86_64.rpmLinux
SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.6.1.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpmLinux
Openssl update (ELSA-2019-2471) openssl-1.0.1e-58.0.1.el6_10.x86_64.rpmLinux
Openssl-devel update (ELSA-2019-2471) openssl-devel-1.0.1e-58.0.1.el6_10.x86_64.rpmLinux
Openssl-perl update (ELSA-2019-2471) openssl-perl-1.0.1e-58.0.1.el6_10.x86_64.rpmLinux
Openssl-static update (ELSA-2019-2471) openssl-static-1.0.1e-58.0.1.el6_10.x86_64.rpmLinux
Openssl update (ELSA-2019-2471) openssl-1.0.1e-58.0.1.el6_10.i686.rpmLinux
Openssl-devel update (ELSA-2019-2471) openssl-devel-1.0.1e-58.0.1.el6_10.i686.rpmLinux
Openssl-perl update (ELSA-2019-2471) openssl-perl-1.0.1e-58.0.1.el6_10.i686.rpmLinux
Openssl-static update (ELSA-2019-2471) openssl-static-1.0.1e-58.0.1.el6_10.i686.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpmLinux
CVE-2018-0732NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-310858Oracle VM VirtualBox (6.0.12)
PATCH-319042Node.js 10 (10.24.1)
PATCH-319043Node.js 10 (x64) (10.24.1)
PATCH-319042Node.js 10 (10.24.1)
PATCH-347137MySQL Workbench CE (x64) (8.0.42)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234