CVE-2018-16395

16.11.2018, 18:29

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Affected Products (NVD)

Vendor	Product	Version
ruby-lang	openssl	𝑥 < 2.1.2
ruby-lang	ruby	2.3.0 ≤ 𝑥 ≤ 2.3.7
ruby-lang	ruby	2.4.0 ≤ 𝑥 ≤ 2.4.4
ruby-lang	ruby	2.5.0 ≤ 𝑥 ≤ 2.5.1
ruby-lang	ruby	2.6.0:preview1
ruby-lang	ruby	2.6.0:preview2
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	enterprise_linux	7.4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ruby-openssl

bionic	needs-triage
cosmic	ignored
disco	not-affected
eoan	not-affected
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

ruby1.9.1

bionic	dne
cosmic	dne
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	Fixed 1.9.3.484-2ubuntu1.13 released
xenial	dne

ruby2.0

bionic	dne
cosmic	dne
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	Fixed 2.0.0.484-1ubuntu2.11 released
xenial	dne

ruby2.3

bionic	dne
cosmic	dne
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	Fixed 2.3.1-2~16.04.11 released

ruby2.5

bionic	Fixed 2.5.1-1ubuntu1.1 released
cosmic	Fixed 2.5.1-5ubuntu4.1 released
disco	Fixed 2.5.1-6ubuntu3 released
eoan	Fixed 2.5.1-6ubuntu3 released
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

libruby2_1-2_1

suse enterprise sap 12 SP4	2.1.9-19.3.2 fixed
suse enterprise sap 12 SP5	2.1.9-19.3.2 fixed
suse enterprise server 12 SP2	2.1.9-19.3.2 fixed
suse enterprise server 12 SP3	2.1.9-19.3.2 fixed
suse enterprise server 12 SP4	2.1.9-19.3.2 fixed
suse enterprise server 12 SP5	2.1.9-19.3.2 fixed

libruby2_5-2_5

suse enterprise desktop 15	2.5.5-4.3.1 fixed
suse enterprise desktop 15 SP1	2.5.5-4.3.1 fixed
suse enterprise desktop 15 SP2	2.5.5-4.3.1 fixed
suse enterprise desktop 15 SP3	2.5.5-4.3.1 fixed
suse enterprise desktop 15 SP4	2.5.5-4.3.1 fixed
suse enterprise desktop 15 SP5	2.5.5-4.3.1 fixed
suse enterprise desktop 15 SP6	2.5.5-4.3.1 fixed
suse enterprise desktop 15 SP7	2.5.9-150700.22.16 fixed
suse enterprise sap 15	2.5.5-4.3.1 fixed
suse enterprise sap 15 SP1	2.5.5-4.3.1 fixed
suse enterprise sap 15 SP2	2.5.5-4.3.1 fixed
suse enterprise sap 15 SP3	2.5.5-4.3.1 fixed
suse enterprise sap 15 SP4	2.5.5-4.3.1 fixed
suse enterprise sap 15 SP5	2.5.5-4.3.1 fixed
suse enterprise sap 15 SP6	2.5.5-4.3.1 fixed
suse enterprise sap 15 SP7	2.5.9-150700.22.16 fixed
suse enterprise server 15	2.5.5-4.3.1 fixed
suse enterprise server 15 SP1	2.5.5-4.3.1 fixed
suse enterprise server 15 SP2	2.5.5-4.3.1 fixed
suse enterprise server 15 SP3	2.5.5-4.3.1 fixed
suse enterprise server 15 SP4	2.5.5-4.3.1 fixed
suse enterprise server 15 SP5	2.5.5-4.3.1 fixed
suse enterprise server 15 SP6	2.5.5-4.3.1 fixed
suse enterprise server 15 SP7	2.5.9-150700.22.16 fixed