Wind River Support Network

Home CVE Database CVE-2018-16395

CVE-2018-16395

Description

An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

Priority: HIGH

CVSS v3: 9.8

Publish Date: Nov 11, 2018

Related ID: --

CVSS v2: CRITICAL

Modified Date: Nov 11, 2018

Find out more about CVE-2018-16395 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Product Name	Status	Defect	Fixed	Downloads
Linux
Wind River Linux LTS 17	Fixed	LIN10-4998	10.17.41.13	Wind River Linux LTS 10.17.41.13 Wind River Linux LTS 10.17.41.14 Wind River Linux LTS 10.17.41.15 Wind River Linux LTS 10.17.41.16 Wind River Linux LTS 10.17.41.17 Wind River Linux LTS 10.17.41.18 Wind River Linux LTS 10.17.41.20 Wind River Linux LTS 10.17.41.21 Wind River Linux LTS 10.17.41.22
Wind River Linux 9	Fixed	LIN9-7745	9.0.0.19	Wind River Linux 9.0.0.19 Wind River Linux 9.0.0.20 Wind River Linux 9.0.0.21 Wind River Linux 9.0.0.22 Wind River Linux 9.0.0.23 Wind River Linux 9.0.0.24 Wind River Linux 9.0.0.25
Wind River Linux 8	Fixed	LIN8-10070	8.0.0.28	Wind River Linux 8.0.0.28 Wind River Linux 8.0.0.29 Wind River Linux 8.0.0.30 Wind River Linux 8.0.0.31 Wind River Linux 8.0.0.32 Wind River Linux 8.0.0.33
Wind River Linux LTS 18	Fixed	LIN1018-2957	10.18.44.4	--
Wind River Linux LTS 19	Not Vulnerable	--	--	--
Wind River Linux CD release	Not Vulnerable	--	--	--
VxWorks
VxWorks 7	Not Vulnerable	--	--	--
VxWorks 6.9	Not Vulnerable	--	--	--

Related Products

Product Name	Status	Defect	Fixed	Downloads
Linux 7 SCP	Not Vulnerable	--	--	--
Linux 7 CGP	Not Vulnerable	--	--	--

Comments

ruby