Wind River Support Network

HomeDefectsLIN10-3680
Fixed

LIN10-3680 : Security Advisory - openssl - CVE-2018-0733

Created: Apr 2, 2018    Updated: Dec 3, 2018
Resolved Date: Apr 8, 2018
Found In Version: 10.17.41.1
Fix Version: 10.17.41.6
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0733

Other Downloads


CVEs


Live chat
Online