CVE-2018-0732 in Fujitsu M10-1

Summary

During key agreement in a TLS handshake using a DH(E)-based ciphersuite, a malicious server can send a very large prime value to the client. This causes the client to spend an unreasonably long time generating a key for this prime, resulting in a hang until the client has finished. This could be exploited in a denial-of-service attack. Fixed in OpenSSL 1.1.0i-dev (affected: 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (affected: 1.0.2-1.0.2o).

Reservation

11/30/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 143749 | Oracle Fujitsu M10-1 OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 137890 | Oracle Diameter Signaling Router (DSR) OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 133654 | Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC denial of service | 404 | Not defined | Official fix | CVE-2018-0732 |
| 133509 | Oracle Communications Operations Monitor OpenSSL denial of service | 404 | Not defined | Official fix | CVE-2018-0732 |
| 133507 | Oracle Communications EAGLE LNP Application Processor OpenSSL denial of service | 404 | Not defined | Official fix | CVE-2018-0732 |
| 133506 | Oracle Communications Application Session Controller OpenSSL denial of service | 404 | Not defined | Official fix | CVE-2018-0732 |
| 129704 | Oracle OSS Support Tools Services Tools Bundle key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129700 | Oracle Agile Engineering Data Management OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129654 | Oracle PeopleSoft Enterprise PeopleTools OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129650 | Oracle MySQL Enterprise Monitor Monitoring key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129623 | Oracle MySQL Workbench OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129620 | Oracle JD Edwards World Security OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129544 | Oracle Endeca Server libssh key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129542 | Oracle API Gateway Apache Batik key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129515 | Oracle Enterprise Manager Ops Center Jasper Project key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129513 | Oracle Enterprise Manager Base Platform Bouncy Castle Java key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129491 | Oracle Primavera P6 Enterprise Project Portfolio Management jackson-databind key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129488 | Oracle Enterprise Session Border Controller OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129487 | Oracle Enterprise Communications Broker jackson-databind key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129486 | Oracle Communications WebRTC Session Controller jQuery FileUpload key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129485 | Oracle Communications Unified Session Manager OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 129484 | Oracle Communications Session Border Controller OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 125666 | Oracle VM VirtualBox OpenSSL key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 125444 | Oracle Tuxedo Docs-ATMI-IB key management | 320 | Not defined | Official fix | CVE-2018-0732 |
| 119378 | OpenSSL TLS Handshake key management | 320 | Not defined | Official fix | CVE-2018-0732 |
