CVE-2024-41996

ADVISORY - nist

Summary

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

EPSS Score⁠: 0.00166 (0.384)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295⁠

Improper Certificate Validation

ADVISORY - redhat

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

NIST

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDCVE-2024-41996⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Ubuntu

CREATED

10 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-41996⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Amazon

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY IDALAS2023-2024-727⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

10 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-41996⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.9low