What is CVE-2018-0732?

CVE-2018-0732 is a vulnerability in Openssl. Published 2018-06-12.

Is CVE-2018-0732 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2018-0732

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this p…

EPSS: 0.784 (99.1th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o), Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)

Public proof-of-concept exploits

References

[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update (mailing-list, x_refsource_MLIST)
104442 (vdb-entry, x_refsource_BID)
DSA-4355 (vendor-advisory, x_refsource_DEBIAN)
RHSA-2018:2552 (x_refsource_REDHAT, vendor-advisory)
GLSA-201811-03 (vendor-advisory, x_refsource_GENTOO)
USN-3692-2 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2018:2553 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:3505 (x_refsource_REDHAT, vendor-advisory)
USN-3692-1 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2018:3221 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2018-0732?: CVE-2018-0732 is a vulnerability in Openssl. Published 2018-06-12.
Is CVE-2018-0732 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.