D(HE)at is a denial-of-service (DoS) attack on the finite field Diffie-Hellman (DH) key exchange protocol. It allows remote, unprivileged users to trigger expensive server-side DH modular-exponentiation calculations without any significant resource (CPU) requirement on the attacker's side.

CVE-2002-20001 was assigned to the attack, and a full technical paper was published in IEEE Access. Additional implementation issues (CVE-2022-40735, CVE-2024-41996) strongly influence the effect of an attack.

Cryptolyzer and ssh-audit (open source) and Scanigma (SaaS) can be used to check whether your service is affected by the D(HE)at attack.
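To show why the server's private-exponent length (the issue behind CVE-2022-40735) matters so much for the cost of an attack, here is an added Python measurement; it is not code from the page, the paper or the tools named above. It times the two modular exponentiations a server performs per ephemeral DHE handshake with a full-length private exponent versus a 256-bit one, over a constructed 2048-bit odd modulus that stands in for a real safe prime (assumed adequate because modexp cost depends on operand size, not primality).

```python
"""Server-side DHE cost as a function of private-exponent length."""
import secrets
import time


def constructed_modulus(bits: int) -> int:
    # Constructed stand-in for a real DH safe prime (e.g. an RFC 7919
    # group): a random odd integer with the top bit set. Modular
    # exponentiation cost is driven by operand width, so this suffices
    # for a cost comparison (it is NOT a usable DH group).
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def server_dh_cost(p: int, exponent_bits: int, handshakes: int = 20) -> float:
    """Seconds the server spends answering `handshakes` DHE exchanges.

    Assumed per-handshake server work (fresh ephemeral key each time):
      1. g^b mod p   - the server's own public share
      2. A^b mod p   - the shared secret from the peer's share A
    Both are dominated by the bit length of the server's exponent b,
    and the server does this work no matter how cheaply A was produced.
    """
    g = 2
    peer_share = secrets.randbelow(p - 2) + 2  # constructed peer value A
    start = time.perf_counter()
    for _ in range(handshakes):
        b = secrets.randbits(exponent_bits) | 1 | (1 << (exponent_bits - 1))
        pow(g, b, p)
        pow(peer_share, b, p)
    return time.perf_counter() - start


def cost_ratio(p: int, full_bits: int, short_bits: int, handshakes: int = 20) -> float:
    """How many times more server CPU a full-length exponent costs than a
    short one. For a 2048-bit modulus, 2048 vs 256 bits lands around 8x,
    which is the lever CVE-2022-40735 is about: the group stays the same,
    only the server's exponent length changes."""
    full = server_dh_cost(p, full_bits, handshakes)
    short = server_dh_cost(p, short_bits, handshakes)
    return full / short


if __name__ == "__main__":
    p = constructed_modulus(2048)
    print(f"full/short exponent cost ratio: {cost_ratio(p, 2048, 256):.1f}x")
```

The short exponent must still be long enough for the group's security level; the demonstration only shows how much of the server's per-handshake cost is avoidable.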
