CVE-2022-40735: High severity diffie-hellman key exchange vulnerability

Published May 19, 2022
·
Updated

Diffie-Hellman key agreement protocol is vulnerable to a denial of service, caused by the use of long exponents that arguably make certain calculations unnecessarily expensive. By sending specially-crafted network traffic, a remote attacker could exploit this vulnerability to cause a denial of service.

Other sources

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.

F5

Affected Software

17 affected componentsFixes available
Diffie-hellman Key Exchange Project Diffie-hellman Key Exchange
F5 BIG-IP (APM)=17.0.0
17.1.0
F5 BIG-IP (APM)>=16.1.0<=16.1.3
16.1.4
F5 BIG-IP (APM)>=15.1.0<=15.1.10
F5 BIG-IP (APM)>=14.1.0<=14.1.5
F5 BIG-IP (APM)>=13.1.0<=13.1.5
F5 BIG-IP=17.5.0, >=17.0.0<=17.1.2
F5 BIG-IP>=16.1.0<=16.1.6
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IP>=14.1.0<=14.1.5
F5 BIG-IP>=13.1.0<=13.1.5
F5 BIG-IP SPK=1.6.0
F5 BIG-IQ Centralized Management>=8.0.0<=8.4.0
F5 BIG-IQ Centralized Management=7.1.0
F5 F5OS-A=1.8.0, >=1.5.0<=1.5.3, >=1.3.0<=1.3.2
F5 F5OS-C>=1.8.0<=1.8.1, >=1.6.0<=1.6.2, >=1.5.0<=1.5.1, >=1.3.0<=1.3.2
F5 Traffix SDC=5.2.0, =5.1.0
5.2

Remediation

Patch Available

https://github.com/openssl/openssl/commit/8ed6ddcaa559b7b04202c15ea3a95ee0b05caeba

Patch Available

https://github.com/openssl/openssl/commit/c9bdbc12ac7343992ba249e11d2bda3338469a97

Patch Available

https://github.com/openssl/openssl/commit/5eac066bef0c23bb74255423d335e634e4deb8d5

Patch Available

https://github.com/openssl/openssl/commit/ce4579adf94d5f26e566a1e04c8a52ec5943cdd0

Event History

May 19, 2022
Advisory Published
via F5·03:43 AM
Data Sourced
via F5·03:43 AM
DescriptionSeverityWeaknessAffected Software
Nov 14, 2022
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Jul 1, 2024
Data Sourced
via Launchpad·10:48 AM
Description
Sep 3, 2024
Data Sourced
via Debian·10:58 AM
DescriptionAffected Software
Sep 15, 2024
Data Sourced
via Ubuntu·11:00 AM
RemedyDescriptionSeverityAffected Software
May 2, 2025
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2022-40735?

CVE-2022-40735 is considered high severity due to the potential for Denial of Service attacks against affected systems.

2

How do I fix CVE-2022-40735?

To fix CVE-2022-40735, upgrade your F5 BIG-IP, BIG-IQ, or Traffix SDC to the recommended software versions provided in the vendor's advisory.

3

Which products are affected by CVE-2022-40735?

CVE-2022-40735 affects various versions of F5 products including BIG-IP, BIG-IQ Centralized Management, and Traffix SDC.

4

What attack vector is associated with CVE-2022-40735?

CVE-2022-40735 can be exploited by remote attackers sending arbitrary numbers to trigger costly server-side computations.

5

Is there a specific patch for CVE-2022-40735?

Yes, F5 has released specific patches and recommended upgrades to mitigate CVE-2022-40735.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203