CVE-2018-8022 — Improper Input Validation in Apache Traffic Server

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGHNVD

EPSS

6.1%

top 9.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server

Timeline

PublishedAug 29

Latest updateMay 14

Description

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/traffic_server6.0.0 — 6.2.2

▶CVEListV5apache_software_foundation/apache_traffic_server6.2.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gw79-rp24-2pgc: A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault↗2022-05-14

▶

OSV

CVE-2018-8022: A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault↗2018-08-29

▶

CVEList

CVE-2018-8022: A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault↗2018-08-29

▶

📋Vendor Advisories

Debian

CVE-2018-8022: trafficserver - A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) ...↗2018

▶