CVE-2018-0732

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Published: Jun 12, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-0732
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-320

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
openssl / openssl	1.1.0	1.1.0h.x
openssl / openssl	1.0.2	1.0.2o.x
debian / debian_linux	8.0	8.0.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	17.10	17.10.x
canonical / ubuntu_linux	18.04	18.04.x
nodejs / node.js	8.9.0	8.11.4
nodejs / node.js	8.0.0	8.8.1
nodejs / node.js	10.0.0	10.9.0
nodejs / node.js	6.9.0	6.14.4
nodejs / node.js	6.0.0	6.8.1

Vulnerability Database

300,445

CVE-2018-0732

Deep Security Visibility Without the Complexity