CVE-2018-16395 — Improper Certificate Validation in Openssl
Severity
9.8CRITICALNVD
EPSS
4.4%
top 10.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 16
Latest updateMay 13
Description
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leve…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.4
Patches
🔴Vulnerability Details
5📋Vendor Advisories
4Oracle
▶
Microsoft▶
An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == de↗2018-11-13