Denial Of Service (DoS)

2023-10-1204:30:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

software crash

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

82.3%

JSON

mozilla-ssl-config-generator is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the use of long exponents that arguably make certain calculations unnecessarily expensive causing an application crash.

CPENameOperatorVersion
mozilla-ssl-config-generatoreq1.0.0
mozilla-ssl-config-generatoreq1.0.0

CPE	Name	Operator	Version
	mozilla-ssl-config-generator	eq	1.0.0
	mozilla-ssl-config-generator	eq	1.0.0

References

bugzilla.suse.com/show_bug.cgi?id=1205476

dheatattack.gitlab.io/

gist.github.com/c0r0n3r/9455ddcab985c50fd1912eabf26e058b

github.com/c0r0n3r/dheater

github.com/mozilla/ssl-config-generator/issues/162

ieeexplore.ieee.org/document/10374117

link.springer.com/content/pdf/10.1007/3-540-68339-9_29.pdf

nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf

raw.githubusercontent.com/CVEProject/cvelist/9d7fbbcabd3f44cfedc9e8807757d31ece85a2c6/2022/40xxx/CVE-2022-40735.json

www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol/links/546c144f0cf20dedafd53e7e/Security-Issues-in-the-Diffie-Hellman-Key-Agreement-Protocol.pdf

www.rfc-editor.org/rfc/rfc3526

www.rfc-editor.org/rfc/rfc4419

www.rfc-editor.org/rfc/rfc5114#section-4

www.rfc-editor.org/rfc/rfc7919#section-5.2