CVE-2018-0733

CVE Database · CVE-2018-0733

CVE-2018-0733

· N/AModified

CVSS v3.1

N/A

EPSS

8.64%

Published

Mar 27, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).

Affected Products (1)

openssl · opensslvulnerable

References (20)

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/103517

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040576

Third Party AdvisoryVDB Entry

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f

https://security.gentoo.org/glsa/201811-21

https://security.netapp.com/advisory/ntap-20180330-0002/

Third Party Advisory

https://www.openssl.org/news/secadv/20180327.txt

KEV Catalog EPSS Scores Vendors All CVEs