Bug 1087106 - (CVE-2018-0733) VUL-0: CVE-2018-0733: openssl: Incorrect CRYPTO_memcmp on HP-UX PA-RISC
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Vítězslav Čížek
Security Team bot
https://smash.suse.de/issue/202784/
CVSSv3:RedHat:CVE-2018-0733:4.8:(AV:...
Reported: 2018-03-27 14:14 UTC by Marcus Meissner
Modified: 2019-05-29 08:34 UTC

Found By: Security Response Team
Description Marcus Meissner 2018-03-27 14:14:53 UTC
CVE-2018-0733


Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
========================================================

Severity: Moderate

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each byte.
This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the security
claims of the scheme. The module can only be compiled by the HP-UX assembler, so
that only HP-UX PA-RISC targets are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0h

This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM).
The fix was developed by Andy Polyakov of the OpenSSL development team.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0733
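
Added illustration (not part of the OpenSSL advisory and not OpenSSL source code): a C self-test that flips every bit of a sample tag and counts the differences a comparison function fails to report, which is the kind of regression check that exposes a compare reduced to the least significant bit of each byte. The names ct_memcmp, lsb_only_memcmp and missed_bit_flips are hypothetical; lsb_only_memcmp is a constructed model of the behaviour described above, not the PA-RISC assembly.

```c
#include <stdio.h>
#include <string.h>
typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Sound constant-time compare: OR the XOR of every byte pair, no early exit. */
static int ct_memcmp(const void *a_, const void *b_, size_t len)
{
    const volatile unsigned char *a = a_, *b = b_;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= a[i] ^ b[i];
    return acc;                      /* 0 means equal */
}

/* Constructed model of the flaw the advisory describes (an assumption, not
 * the real assembly): only bit 0 of each byte takes part in the compare. */
static int lsb_only_memcmp(const void *a_, const void *b_, size_t len)
{
    const volatile unsigned char *a = a_, *b = b_;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= (a[i] ^ b[i]) & 1;
    return acc;
}

/* Flip each bit of each byte in turn; count flips the compare does not see. */
static size_t missed_bit_flips(cmp_fn cmp, size_t len)
{
    unsigned char ref[64], probe[64];
    size_t missed = 0;
    if (len > sizeof ref) len = sizeof ref;
    for (size_t i = 0; i < len; i++)
        ref[i] = (unsigned char)(0xA5 ^ (i * 37)); /* constructed sample tag */
    for (size_t i = 0; i < len; i++)
        for (int bit = 0; bit < 8; bit++) {
            memcpy(probe, ref, len);
            probe[i] ^= (unsigned char)(1u << bit);
            if (cmp(probe, ref, len) == 0)
                missed++;
        }
    return missed;
}

int main(void)
{
    printf("missed flips: sound=%zu lsb-only=%zu\n",
           missed_bit_flips(ct_memcmp, 16), missed_bit_flips(lsb_only_memcmp, 16));
    return 0;
}
```

For a 16-byte tag the modelled flaw ignores 7 of every 8 bits, so the tag carries 16 bits of checked content instead of 128.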
Comment 1 Marcus Meissner 2018-03-27 14:15:11 UTC
HPUX only.