CVE-2002-20001
Description
A denial-of-service attack on finite field Diffie-Hellman key exchange allows remote attackers to trigger expensive server-side computations with minimal resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Diffie-Hellman Key Agreement Protocol, as used in TLS, allows remote attackers to send arbitrary numbers that are not valid public keys, forcing the server to perform expensive modular exponentiation calculations. This is inherent to the protocol and affects any server that supports DHE key exchange, especially those allowing large key sizes. The attack is known as D(HE)at and is assigned CVE-2002-20001 [1][2][3].
Exploitation
An attacker on the client side simply claims it can only communicate with DHE, and the server must be configured to allow DHE. The attacker sends arbitrary large numbers, causing the server to compute modular exponentiation with very little CPU and bandwidth on the client side. No authentication or privileges are required. The attack can be amplified if the server selects its largest supported key size [1][2].
Impact
Successful exploitation leads to high CPU usage on the server, potentially resulting in denial-of-service (DoS). The attacker gains no access to data or privileges; the impact is limited to resource exhaustion and service disruption [1][3].
Mitigation
Limit supported Diffie-Hellman groups to appropriate sizes (e.g., up to ffdhe3072) or disable finite field DH entirely in favor of ECDH where possible. Implement per-client CPU usage limits if available. Configuration guidance is provided by OpenSSL and HTTP server documentation [1]. Use tools like CryptoLyzer, ssh-audit, or Scanigma to test whether a server is affected [3][4]. Note: this is a protocol-level issue; no single patch exists, but the mitigations above significantly reduce risk.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- Diffie-Hellman Key Agreement Protocol / Diffie-Hellman Key Agreement Protocol
- pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed (OSV coordinates, no CPE), range: < 1.1.1m-4.1
- pkg:rpm/opensuse/ssh-audit&distro=openSUSE%20Tumbleweed (OSV coordinates, no CPE), range: < 3.2.0-1.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (11, from MITRE)
- cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf
- dheatattack.com
- dheatattack.gitlab.io
- github.com/mozilla/ssl-config-generator/issues/162
- ieeexplore.ieee.org/document/10374117
- support.f5.com/csp/article/K83120834
- www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt
- www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/
- www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/
- www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol
- www.suse.com/support/kb/doc/
News mentions
No linked articles in our index yet.