QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-0733

Back to search

CVE-2018-0733

Published: Mar 27, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).

VendorProductVersions

OpenSSL

OpenSSL

affected
Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)

References

GLSA-201811-21
vendor-advisory
x_refsource_GENTOO
103517
vdb-entry
x_refsource_BID
1040576
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2018-0733 - Security Vulnerability | QwikSec