7.5
CVE-2024-41996
- EPSS 1.08%
- Veröffentlicht 26.08.2024 06:15:04
- Zuletzt bearbeitet 12.05.2026 12:17:03
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerdiffie-hellman_key_exchange_project
≫
Produkt
diffie-hellman_key_exchange
Default Statusunknown
Version <=
*
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.608 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://dheatattack.gitlab.io/details/
https://dheatattack.gitlab.io/faq/
https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1
https://cert-portal.siemens.com/productcert/html/ssa-485750.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-089022.html