CVE-2018-16395
published 2018-11-16
Priority P3 · 51 · critical · CVSS 3.0: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 10.71% (95.3th percentile)
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
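A runtime self-check for the comparison cases described above, as an added example that is not code from Ruby, the openssl gem or any advisory on this page. The helper names and the constructed names under the reserved `.test` and `.invalid` TLDs are assumptions.

```ruby
require "openssl"

# Added example. All names below are constructed test values.

def name(str)
  OpenSSL::X509::Name.parse(str)
end

# Byte-exact comparison of the DER encodings. It never calls Name#==,
# so it is unaffected by the comparison bug. It is a strict check:
# names that differ only in case or string encoding count as different.
def der_equal?(a, b)
  a.to_der == b.to_der
end

# One pair per condition in the advisory text: [left-hand, right-hand].
ADVISORY_PAIRS = {
  "lhs one character longer than rhs" =>
    ["/CN=ca.example.testx", "/CN=ca.example.test"],
  "rhs character one less than lhs" =>
    ["/CN=ca.example.test", "/CN=ca.example.tess"],
  "rhs value starts with lhs value" =>
    ["/CN=ca.example.test", "/CN=ca.example.test.invalid"]
}.freeze

# Labels of the pairs for which Name#== reports equality although the
# encodings differ. An empty array means this runtime compares the
# advisory's cases correctly.
def unsound_name_comparisons
  ADVISORY_PAIRS.select do |_label, (lhs, rhs)|
    a = name(lhs)
    b = name(rhs)
    (a == b) && !der_equal?(a, b)
  end.keys
end

# Guard for application code that pins an expected subject or issuer
# (hypothetical helper): compare encodings instead of relying on ==.
def expected_subject?(cert_name, pinned)
  der_equal?(cert_name, name(pinned))
end

if __FILE__ == $PROGRAM_NAME
  bad = unsound_name_comparisons
  puts "Ruby #{RUBY_VERSION}, openssl gem #{OpenSSL::VERSION}"
  puts bad.empty? ? "Name#== OK" : "Name#== UNSOUND: #{bad.join('; ')}"
end
```

Run it with each Ruby interpreter deployed in the fleet; a non-empty result identifies a runtime that still needs the fixed openssl gem or Ruby release listed under Affected.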
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_openssl_1.1.1k-5_on_cbl_mariner_1.0 | — | — |
| openssl | openssl | >= 0 < 2.0.9 | 2.0.9 |
| openssl | openssl | >= 2.1.0 < 2.1.2 | 2.1.2 |
| redhat | enterprise_linux | — | — |
| ruby-lang | openssl | < 2.1.2 | 2.1.2 |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
| ruby-lang | ruby | >= 0 < 2.5.2-r0 | 2.5.2-r0 |
CVSS provenance
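| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |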
GHSA
Ruby Openssl Allows Incorrect Value Comparison
ghsa·2022-05-13
An issue was discovered in the OpenSSL library in Ruby when two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
OSV
Ruby Openssl Allows Incorrect Value Comparison
osv·2022-05-13
An issue was discovered in the OpenSSL library in Ruby when two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
OSV
CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2
osv·2018-11-16·CVSS 9.8
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
OSV
ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities
osv·2018-11-05·CVSS 9.8
It was discovered that Ruby incorrectly handled certain X.509
certificates. An attacker could possibly use this issue to
bypass the certificate check. (CVE-2018-16395)
It was discovered that Ruby incorrectly handled certain
inputs. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2018-16396)
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (Ruby) — CVE-2018-16395
vendor_oracle·2020-01-15·CVSS 9.8
Oracle Oracle Communications Applications Risk Matrix: Security (Ruby) vulnerability
CVE: CVE-2018-16395
CVSS: 9.8
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2020 (JAN 2020)
Microsoft
An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == de
vendor_msrc·2018-11-13·CVSS 9.8
An issue was discovered in the OpenSSL library in Ruby before 2.3.8 2.4.x before 2.4.5 2.5.x before 2.5.2 and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using == depending on the ordering non-equal objects may return true. When the first argument is one character longer than the second or the second argument contains a character that is one less than a character in the same position of the first argument the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to o
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2018-11-05·CVSS 9.8
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain X.509
certificates. An attacker could possibly use this issue to
bypass the certificate check. (CVE-2018-16395)
It was discovered that Ruby incorrectly handled certain
inputs. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2018-16396)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ruby: OpenSSL::X509::Name equality check does not work correctly
vendor_redhat·2018-10-17·CVSS 9.8
CVE-2018-16395 [CRITICAL] CWE-295 ruby: OpenSSL::X509::Name equality check does not work correctly
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Statement: Subscription Asset Manager is now in a reduced support phase receiving only Critical impact
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly
bugzilla·2018-10-25·CVSS 9.8
An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug where the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility that they will be incorrectly judged to be equal.
External References:
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
Discussion:
Created ruby tracking bugs for this issue:
Affects: fed
Bugzilla
CVE-2018-16395 CVE-2018-16396 ruby: various flaws [fedora-all]
bugzilla·2018-10-25·CVSS 9.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Whi
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
http://www.securitytracker.com/id/1042105
https://access.redhat.com/errata/RHSA-2018:3729
https://access.redhat.com/errata/RHSA-2018:3730
https://access.redhat.com/errata/RHSA-2018:3731
https://access.redhat.com/errata/RHSA-2018:3738
https://access.redhat.com/errata/RHSA-2019:1948
https://access.redhat.com/errata/RHSA-2019:2565
https://hackerone.com/reports/387250
https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
https://security.netapp.com/advisory/ntap-20190221-0002/
https://usn.ubuntu.com/3808-1/
https://www.debian.org/security/2018/dsa-4332
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/