Published: 27/03/2018 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an malicious user to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme The module can only be compile ...

Nessus Network Monitor leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL to address th ...

SecurityCenter leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to provide a stand-alone OpenSSL patch to address the ...

Industrial Security leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL to address the po ...

NVD-CWE-noinfo https://www.openssl.org/news/secadv/20180327.txt http://www.securitytracker.com/id/1040576 http://www.securityfocus.com/bid/103517 https://security.netapp.com/advisory/ntap-20180330-0002/https://www.tenable.com/security/tns-2018-04 https://www.tenable.com/security/tns-2018-07 https://www.tenable.com/security/tns-2018-06 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://security.gentoo.org/glsa/201811-21 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2018-1065.html

CVE-2018-0733

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect