CVSS2 | 5 Medium |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |

CVSS3 | 7.5 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

Score | Value |
---|---|
AI Score | 7.2 High (Confidence: High) |
EPSS | 0.011 Low (Percentile: 84.3%) |
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that
arguably make certain calculations unnecessarily expensive, because the
1996 van Oorschot and Wiener paper found that “(appropriately) short
exponents” can be used when there are adequate subgroup constraints, and
these short exponents can lead to less expensive calculations than for long
exponents. This issue is different from CVE-2002-20001 because it is based
on an observation about exponent size, rather than an observation about
numbers that are not public keys. The specific situations in which
calculation expense would constitute a server-side vulnerability depend on
the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.
In general, there might be an availability concern because of server-side
resource consumption from DHE modular-exponentiation calculations. Finally,
it is possible for an attacker to exploit this vulnerability and
CVE-2002-20001 together.
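The availability concern in the description rests on one arithmetic fact: the work in a modular exponentiation grows with the bit length of the exponent, not with the modulus alone. The following is an added example (written for this page, not code from the CVE record, from OpenSSL, or from any linked reference) that counts the squarings and multiplications of a textbook square-and-multiply exponentiation for a full-length private exponent versus the shorter exponent lengths recommended for the RFC 7919 groups. The modulus is a constructed random odd number, not a real DH group, and the per-group exponent lengths are the minimums I recall from RFC 7919 Section 5.2 / Appendix A (the page links the RFC but does not quote them; check them against the RFC before relying on them).

```python
"""
Added example: why private-exponent length, not modulus size alone, drives
the cost of a DHE modular exponentiation, and how much using the RFC 7919
recommended exponent lengths saves. Not code from the CVE record or OpenSSL.
"""
import random

# Minimum private-exponent lengths for the RFC 7919 groups, as recalled from
# RFC 7919 Section 5.2 / Appendix A (assumed values; verify against the RFC).
RFC7919_MIN_EXPONENT_BITS = {2048: 225, 3072: 275, 4096: 325, 6144: 375, 8192: 400}


def modexp_counting(base: int, exponent: int, modulus: int):
    """Left-to-right square-and-multiply.

    Returns (base**exponent mod modulus, squarings, multiplications).
    Work is one squaring per exponent bit after the leading one, plus one
    multiplication per set bit after the leading one, so the operation count
    scales with the exponent's bit length regardless of the modulus size.
    """
    if exponent == 0:
        return 1 % modulus, 0, 0
    result = base % modulus
    squarings = multiplications = 0
    for bit in bin(exponent)[3:]:  # skip the '0b' prefix and the leading 1 bit
        result = (result * result) % modulus
        squarings += 1
        if bit == "1":
            result = (result * base) % modulus
            multiplications += 1
    return result, squarings, multiplications


def exponent_cost(modulus_bits: int, exponent_bits: int) -> int:
    """Worst-case operation count (every exponent bit set) for generator 2 in a
    constructed odd modulus of modulus_bits bits (not a real DH group).
    Cross-checks the result against Python's built-in pow()."""
    rng = random.Random(40735)  # deterministic constructed sample modulus
    p = rng.getrandbits(modulus_bits) | (1 << (modulus_bits - 1)) | 1
    x = (1 << exponent_bits) - 1
    result, sq, mul = modexp_counting(2, x, p)
    if result != pow(2, x, p):
        raise AssertionError("square-and-multiply disagrees with pow()")
    return sq + mul


def recommended_exponent_bits(modulus_bits: int) -> int:
    """Mitigation shape: generate the private exponent at the RFC 7919 minimum
    length for the group, which is long enough for the group's security
    strength and far shorter than the modulus (a hypothetical policy helper,
    not OpenSSL's API)."""
    try:
        return RFC7919_MIN_EXPONENT_BITS[modulus_bits]
    except KeyError:
        raise ValueError(f"no exponent-length policy for a {modulus_bits}-bit group") from None


def savings_factor(modulus_bits: int) -> float:
    """How many times more work a full-length exponent costs than the
    recommended-length one for the same group."""
    full = exponent_cost(modulus_bits, modulus_bits)
    short = exponent_cost(modulus_bits, recommended_exponent_bits(modulus_bits))
    return full / short


if __name__ == "__main__":
    for bits in (2048, 3072, 4096):
        rec = recommended_exponent_bits(bits)
        print(f"{bits}-bit group: a {bits}-bit exponent costs "
              f"{savings_factor(bits):.1f}x the work of a {rec}-bit one")
```

For the 2048-bit case the full-length exponent needs 4094 squarings and multiplications in the worst case against 448 for a 225-bit exponent, roughly a ninefold difference per handshake on the server side, which is the resource-consumption gap the description refers to. The helper makes the exponent length a deliberate policy choice per group rather than a side effect of the modulus size, which is the general shape of the fix the notes point to in OpenSSL 3.1.0 / 3.0.6.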
Author | Note |
---|---|
alexmurray | It would appear upstream openssl fixed this in 3.1.0 via https://github.com/openssl/openssl/pull/18480 |
mdeslaur | This was backported to 3.0.6 via https://github.com/openssl/openssl/pull/18793; doesn’t affect 1.x |
gist.github.com/c0r0n3r/9455ddcab985c50fd1912eabf26e058b
github.com/mozilla/ssl-config-generator/issues/162
github.com/openssl/openssl/pull/18480
ieeexplore.ieee.org/document/10374117
launchpad.net/bugs/cve/CVE-2022-40735
link.springer.com/content/pdf/10.1007/3-540-68339-9_29.pdf
nvd.nist.gov/vuln/detail/CVE-2022-40735
nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
raw.githubusercontent.com/CVEProject/cvelist/9d7fbbcabd3f44cfedc9e8807757d31ece85a2c6/2022/40xxx/CVE-2022-40735.json
security-tracker.debian.org/tracker/CVE-2022-40735
ubuntu.com/security/notices/USN-6854-1
www.cve.org/CVERecord?id=CVE-2022-40735
www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol/links/546c144f0cf20dedafd53e7e/Security-Issues-in-the-Diffie-Hellman-Key-Agreement-Protocol.pdf
www.rfc-editor.org/rfc/rfc3526
www.rfc-editor.org/rfc/rfc4419
www.rfc-editor.org/rfc/rfc5114#section-4
www.rfc-editor.org/rfc/rfc7919#section-5.2