D(HE)at is a denial-of-service (DoS) attack on the finite field Diffie-Hellman (DH) key exchange protocol allowing remote users without any privileges triggering expensive server-side DH modular-exponentiation calculations without any significant resource (CPU) requirement on the attacker’s side.

CVE-2002-20001 was assigned to the attack and a full technical paper published at IEEE Access, while there are additional implementation issues (CVE-2022-40735, CVE-2024-41996) that strongly influences the affect of an attack.

Cryptolyzer, ssh-audit (open source), and Scanigma (SaaS) can be used to check whether your service is affected by D(HE)at attack.

Recent References

ALAS-2024-727

Issue Overview: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key. (CVE-2024-41996)
read more

Security update for openssl-3

CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
read more

More

How Diffie-Hellman Key Exchange can Cause Availability Issues

Release 1.30.0-gke.1930

CVE-2024-41996

CVE-2024-41996

All References