CVE-2018-0733

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
opensslCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
opensslopenssl
1.1.0 ≤
𝑥
≤ 1.1.0g
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bullseye
1.1.1w-0+deb11u1
fixed
jessie
not-affected
wheezy
not-affected
bullseye (security)
1.1.1w-0+deb11u2
fixed
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssl
artful
not-affected
xenial
not-affected
trusty
not-affected
openssl098
artful
dne
xenial
dne
trusty
dne
openssl1.0
artful
dne
xenial
dne
trusty
dne
References
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103517
http://www.securitytracker.com/id/1040576
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f
https://security.gentoo.org/glsa/201811-21
https://security.netapp.com/advisory/ntap-20180330-0002/
https://www.openssl.org/news/secadv/20180327.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2018-04
https://www.tenable.com/security/tns-2018-06
https://www.tenable.com/security/tns-2018-07
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103517
http://www.securitytracker.com/id/1040576
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f
https://security.gentoo.org/glsa/201811-21
https://security.netapp.com/advisory/ntap-20180330-0002/
https://www.openssl.org/news/secadv/20180327.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2018-04
https://www.tenable.com/security/tns-2018-06
https://www.tenable.com/security/tns-2018-07