CVE-2018-16395
ruby: OpenSSL::X509:: Name equality check does not work correctly
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Se ha descubierto un problema en la biblioteca OpenSSL en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. Cuando dos objetos OpenSSL::X509::Name se comparan mediante ==, dependiendo del orden, los objetos que no son iguales podrían devolver "true". Cuando el primer argumento tiene un carácter más que el segundo, o el segundo argumento contiene un carácter que tiene uno menos que el carácter en la misma posición que el primer argumento, el resultado de == será "true". Esto podría aprovecharse para crear un certificado ilegítimo que podría ser aceptado como legítimo y después emplearse en operaciones de firma o cifrado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-03 CVE Reserved
- 2018-11-03 CVE Published
- 2024-07-05 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1042105 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190221-0002 | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujan2020.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://hackerone.com/reports/387250 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Openssl Search vendor "Ruby-lang" for product "Openssl" | < 2.1.2 Search vendor "Ruby-lang" for product "Openssl" and version " < 2.1.2" | ruby |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.3.0 <= 2.3.7 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.3.0 <= 2.3.7" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.4.0 <= 2.4.4 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.4.0 <= 2.4.4" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.5.0 <= 2.5.1 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.5.0 <= 2.5.1" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.6.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.6.0" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.6.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.6.0" | preview2 |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.4 Search vendor "Redhat" for product "Enterprise Linux" and version "7.4" | - |
Affected
| ||||||