Description
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Remediation
References
Related Vulnerabilities
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3383)
Oracle JRE CVE-2014-0459 Vulnerability (CVE-2014-0459)
WordPress Plugin Image Widget Unspecified Vulnerability (4.1.2)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2039)