7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.008 Low
EPSS
Percentile
82.3%
mozilla-ssl-config-generator is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the use of long exponents that arguably make certain calculations unnecessarily expensive causing an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
mozilla-ssl-config-generator | eq | 1.0.0 | |
mozilla-ssl-config-generator | eq | 1.0.0 |
bugzilla.suse.com/show_bug.cgi?id=1205476
dheatattack.gitlab.io/
gist.github.com/c0r0n3r/9455ddcab985c50fd1912eabf26e058b
github.com/c0r0n3r/dheater
github.com/mozilla/ssl-config-generator/issues/162
ieeexplore.ieee.org/document/10374117
link.springer.com/content/pdf/10.1007/3-540-68339-9_29.pdf
nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
raw.githubusercontent.com/CVEProject/cvelist/9d7fbbcabd3f44cfedc9e8807757d31ece85a2c6/2022/40xxx/CVE-2022-40735.json
www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol/links/546c144f0cf20dedafd53e7e/Security-Issues-in-the-Diffie-Hellman-Key-Agreement-Protocol.pdf
www.rfc-editor.org/rfc/rfc3526
www.rfc-editor.org/rfc/rfc4419
www.rfc-editor.org/rfc/rfc5114#section-4
www.rfc-editor.org/rfc/rfc7919#section-5.2