CVE-2018-0733 (Medium) detected in openssl-OpenSSL_1_1_1b #2
Description
CVE-2018-0733 - Medium Severity Vulnerability
Vulnerable Library - opensslOpenSSL_1_1_1b
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in HEAD commit: cb5ba2849f0d9a1493698884b9d93b345b281395
Library Source Files (497)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /openssl/crypto/sha/asm/sha512p8-ppc.pl
- /openssl/crypto/pkcs12/pk12err.c
- /openssl/test/x509aux.c
- /openssl/test/ssl-tests/protocol_version.pm
- /openssl/crypto/include/internal/aria.h
- /openssl/crypto/dllmain.c
- /openssl/crypto/aes/asm/aes-armv4.pl
- /openssl/test/sslcorrupttest.c
- /openssl/crypto/x86cpuid.pl
- /openssl/doc/man3/RAND_load_file.pod
- /openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
- /openssl/test/sslbuffertest.c
- /openssl/crypto/evp/pbe_scrypt.c
- /openssl/doc/man3/RSA_get0_key.pod
- /openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod
- /openssl/crypto/ec/ec2_smpl.c
- /openssl/ssl/pqueue.c
- /openssl/doc/man3/EVP_PKEY_meth_new.pod
- /openssl/doc/man3/EVP_bf_cbc.pod
- /openssl/crypto/include/internal/x509_int.h
- /openssl/crypto/threads_win.c
- /openssl/doc/man3/SSL_get_ciphers.pod
- /openssl/test/ctype_internal_test.c
- /openssl/doc/man3/DSA_sign.pod
- /openssl/crypto/store/store_init.c
- /openssl/test/ssltest_old.c
- /openssl/fuzz/test-corpus.c
- /openssl/crypto/rsa/rsa_ssl.c
- /openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
- /openssl/doc/man3/SSL_get_shared_sigalgs.pod
- /openssl/crypto/evp/bio_ok.c
- /openssl/doc/man3/RAND_set_rand_method.pod
- /openssl/crypto/store/store_locl.h
- /openssl/engines/asm/e_padlock-x86.pl
- /openssl/test/sm4_internal_test.c
- /openssl/doc/man3/BIO_connect.pod
- /openssl/test/asn1_internal_test.c
- /openssl/crypto/x509v3/v3_conf.c
- /openssl/crypto/engine/eng_all.c
- /openssl/crypto/chacha/asm/chacha-x86.pl
- /openssl/crypto/siphash/siphash_pmeth.c
- /openssl/doc/man3/SSL_connect.pod
- /openssl/doc/man3/UI_STRING.pod
- /openssl/doc/man1/pkeyparam.pod
- /openssl/crypto/sha/asm/sha1-586.pl
- /openssl/crypto/sha/asm/keccak1600-armv4.pl
- /openssl/doc/man3/BN_generate_prime.pod
- /openssl/crypto/ts/ts_rsp_sign.c
- /openssl/ssl/ssl_asn1.c
- /openssl/crypto/asn1/asn_moid.c
- /openssl/doc/man1/ts.pod
- /openssl/crypto/bn/bn_rand.c
- /openssl/crypto/evp/p_lib.c
- /openssl/crypto/rsa/rsa_err.c
- /openssl/crypto/include/internal/store_int.h
- /openssl/crypto/bn/bn_x931p.c
- /openssl/doc/man3/BN_rand.pod
- /openssl/test/secmemtest.c
- /openssl/doc/man3/X509_get_extension_flags.pod
- /openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod
- /openssl/crypto/evp/evp_lib.c
- /openssl/crypto/poly1305/poly1305_pmeth.c
- /openssl/crypto/x509/x509_v3.c
- /openssl/doc/man3/DH_meth_new.pod
- /openssl/include/openssl/err.h
- /openssl/crypto/x509/x509type.c
- /openssl/doc/man3/EVP_rc2_cbc.pod
- /openssl/crypto/bn/asm/ppc64-mont.pl
- /openssl/crypto/include/internal/asn1_int.h
- /openssl/include/internal/o_dir.h
- /openssl/crypto/asn1/standard_methods.h
- /openssl/crypto/x509/x509_cmp.c
- /openssl/crypto/sha/asm/keccak1600-x86_64.pl
- /openssl/crypto/sha/asm/sha1-mips.pl
- /openssl/crypto/kdf/kdf_err.c
- /openssl/crypto/bn/asm/ia64-mont.pl
- /openssl/crypto/threads_pthread.c
- /openssl/ms/uplink-x86.pl
- /openssl/doc/man3/OBJ_nid2obj.pod
- /openssl/crypto/lhash/lhash.c
- /openssl/test/recipes/30-test_evp.t
- /openssl/crypto/ppccap.c
- /openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl
- /openssl/crypto/bn/asm/ppc.pl
- /openssl/crypto/pariscid.pl
- /openssl/test/recipes/03-test_internal_chacha.t
- /openssl/doc/man3/SSL_CTX_set1_curves.pod
- /openssl/crypto/engine/eng_err.c
- /openssl/crypto/pem/pem_pkey.c
- /openssl/doc/man3/SSL_export_keying_material.pod
- /openssl/crypto/ui/ui_openssl.c
- /openssl/crypto/buffer/buffer.c
- /openssl/doc/man3/EC_POINT_new.pod
- /openssl/doc/man3/PEM_read_CMS.pod
- /openssl/fuzz/client.c
- /openssl/crypto/bn/bn_prime.pl
- /openssl/crypto/bn/asm/via-mont.pl
- /openssl/test/uitest.c
- /openssl/crypto/sha/asm/keccak1600-avx512.pl
- /openssl/doc/man3/OSSL_STORE_LOADER.pod
- /openssl/fuzz/driver.c
- /openssl/crypto/dsa/dsa_err.c
- /openssl/doc/man3/EVP_sm3.pod
- /openssl/doc/man3/CRYPTO_get_ex_new_index.pod
- /openssl/test/evp_test.c
- /openssl/crypto/rsa/rsa_pmeth.c
- /openssl/ssl/packet_locl.h
- /openssl/crypto/x509v3/v3_asid.c
- /openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
- /openssl/util/ck_errf.pl
- /openssl/crypto/rc4/asm/rc4-c64xplus.pl
- /openssl/doc/man1/gendsa.pod
- /openssl/test/ecdsatest.c
- /openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod
- /openssl/crypto/async/async.c
- /openssl/crypto/modes/gcm128.c
- /openssl/test/recordlentest.c
- /openssl/test/pkey_meth_test.c
- /openssl/crypto/stack/stack.c
- /openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
- /openssl/crypto/rsa/rsa_ossl.c
- /openssl/crypto/ec/ec_oct.c
- /openssl/doc/man3/EVP_des.pod
- /openssl/test/recipes/15-test_genrsa.t
- /openssl/crypto/evp/bio_enc.c
- /openssl/crypto/comp/comp_err.c
- /openssl/doc/man3/SSL_check_chain.pod
- /openssl/doc/man3/SSL_CTX_set_mode.pod
- /openssl/doc/man1/ciphers.pod
- /openssl/crypto/bn/bn_gcd.c
- /openssl/doc/man1/dgst.pod
- /openssl/crypto/bn/bn_sqr.c
- /openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
- /openssl/crypto/x509/x509_vpm.c
- /openssl/doc/man1/pkeyutl.pod
- /openssl/doc/man7/RSA-PSS.pod
- /openssl/crypto/aes/asm/aes-parisc.pl
- /openssl/doc/man7/x509.pod
- /openssl/doc/man3/OPENSSL_config.pod
- /openssl/ssl/d1_lib.c
- /openssl/crypto/asn1/tasn_dec.c
- /openssl/doc/man3/DSA_get0_pqg.pod
- /openssl/doc/man3/ASN1_STRING_length.pod
- /openssl/crypto/bn/asm/rsaz-avx2.pl
- /openssl/crypto/x509/x_x509.c
- /openssl/doc/man3/EVP_md5.pod
- /openssl/ssl/ssl_cert_table.h
- /openssl/crypto/ui/ui_lib.c
- /openssl/crypto/pem/pem_lib.c
- /openssl/crypto/bn/asm/mips-mont.pl
- /openssl/crypto/conf/conf_api.c
- /openssl/ssl/t1_enc.c
- /openssl/test/constant_time_test.c
- /openssl/test/dtlsv1listentest.c
- /openssl/crypto/ec/ec2_oct.c
- /openssl/crypto/asn1/p5_scrypt.c
- /openssl/crypto/rsa/rsa_oaep.c
- /openssl/test/recipes/25-test_req.t
- /openssl/fuzz/server.c
- /openssl/crypto/bn/asm/sparct4-mont.pl
- /openssl/test/ssl_test_ctx_test.c
- /openssl/crypto/evp/evp_pbe.c
- /openssl/crypto/x509/x509_lcl.h
- /openssl/crypto/asn1/x_int64.c
- /openssl/crypto/dh/dh_lib.c
- /openssl/crypto/cms/cms_lcl.h
- /openssl/crypto/ec/ecp_mont.c
- /openssl/test/recipes/90-test_store.t
- /openssl/doc/man3/EVP_SignInit.pod
- /openssl/doc/man1/ca.pod
- /openssl/crypto/sha/asm/keccak1600p8-ppc.pl
- /openssl/test/recipes/70-test_servername.t
- /openssl/test/dtls_mtu_test.c
- /openssl/doc/man3/SSL_get_current_cipher.pod
- /openssl/crypto/hmac/hm_ameth.c
- /openssl/crypto/sha/asm/keccak1600-ppc64.pl
- /openssl/doc/man3/SSL_CTX_set_info_callback.pod
- /openssl/test/run_tests.pl
- /openssl/doc/man3/SSL_in_init.pod
- /openssl/crypto/pkcs7/pk7_doit.c
- /openssl/crypto/evp/digest.c
- /openssl/doc/man3/EVP_aria.pod
- /openssl/doc/man3/SSL_read.pod
- /openssl/doc/man1/storeutl.pod
- /openssl/crypto/siphash/siphash.c
- /openssl/crypto/perlasm/x86_64-xlate.pl
- /openssl/doc/man3/EVP_cast5_cbc.pod
- /openssl/crypto/pkcs7/pk7_lib.c
- /openssl/crypto/bio/bf_nbio.c
- /openssl/crypto/objects/objects.pl
- /openssl/crypto/hmac/hmac.c
- /openssl/crypto/x509/x509name.c
- /openssl/doc/man1/genpkey.pod
- /openssl/test/ecstresstest.c
- /openssl/crypto/rsa/rsa_mp.c
- /openssl/crypto/evp/m_sha3.c
- /openssl/crypto/engine/eng_int.h
- /openssl/crypto/conf/conf_lib.c
- /openssl/crypto/async/async_err.c
- /openssl/crypto/evp/m_sigver.c
- /openssl/crypto/kdf/tls1_prf.c
- /openssl/test/rsa_mp_test.c
- /openssl/doc/man3/OPENSSL_malloc.pod
- /openssl/crypto/x509v3/v3_ncons.c
- /openssl/crypto/rand/rand_vms.c
- /openssl/crypto/bn/bn_recp.c
- /openssl/test/pemtest.c
- /openssl/crypto/evp/p_seal.c
- /openssl/test/recipes/03-test_internal_siphash.t
- /openssl/include/internal/dso.h
- /openssl/crypto/asn1/a_object.c
- /openssl/crypto/ec/ec2_mult.c
- /openssl/doc/man1/passwd.pod
- /openssl/crypto/include/internal/rand_int.h
- /openssl/crypto/x509v3/v3_cpols.c
- /openssl/doc/man1/openssl.pod
- /openssl/doc/man3/SSL_get_session.pod
- /openssl/doc/man7/ossl_store.pod
- /openssl/crypto/bn/bn_mod.c
- /openssl/test/recipes/03-test_internal_sm4.t
- /openssl/crypto/x86_64cpuid.pl
- /openssl/crypto/ec/ec_cvt.c
- /openssl/test/cipherbytes_test.c
- /openssl/e_os.h
- /openssl/test/ssl_test.c
- /openssl/crypto/poly1305/poly1305.c
- /openssl/test/ectest.c
- /openssl/doc/man3/SSL_set1_host.pod
- /openssl/crypto/ec/ec_curve.c
- /openssl/crypto/bn/bn_blind.c
- /openssl/doc/man3/RAND_bytes.pod
- /openssl/crypto/uid.c
- /openssl/test/x509_check_cert_pkey_test.c
- /openssl/ssl/record/ssl3_record_tls13.c
- /openssl/test/cipher_overhead_test.c
- /openssl/test/chacha_internal_test.c
- /openssl/doc/man3/RAND_add.pod
- /openssl/crypto/engine/eng_devcrypto.c
- /openssl/crypto/asn1/a_strnid.c
- /openssl/crypto/siphash/siphash_ameth.c
- /openssl/doc/man3/EVP_seed_cbc.pod
- /openssl/crypto/bn/bn_nist.c
- /openssl/crypto/bn/asm/parisc-mont.pl
- /openssl/doc/man3/SSL_CTX_set0_CA_list.pod
- /openssl/doc/man3/ECDSA_SIG_new.pod
- /openssl/crypto/pem/pem_err.c
- /openssl/crypto/engine/eng_table.c
- /openssl/crypto/bn/asm/s390x-mont.pl
- /openssl/ssl/packet.c
- /openssl/test/exdatatest.c
- /openssl/crypto/cpt_err.c
- /openssl/crypto/x509v3/v3err.c
- /openssl/doc/man3/SSL_get_client_CA_list.pod
- /openssl/crypto/include/internal/evp_int.h
- /openssl/test/ssltestlib.h
- /openssl/test/stack_test.c
- /openssl/crypto/sha/asm/sha512-parisc.pl
- /openssl/doc/man3/SSL_write.pod
- /openssl/crypto/evp/e_aria.c
- /openssl/doc/man3/SSL_CTX_set_cipher_list.pod
- /openssl/crypto/bn/bn_div.c
- /openssl/test/shlibloadtest.c
- /openssl/doc/man3/BN_bn2bin.pod
- /openssl/test/recipes/15-test_dsa.t
- /openssl/doc/man3/OSSL_STORE_open.pod
- /openssl/crypto/rand/rand_unix.c
- /openssl/crypto/bn/asm/x86_64-mont.pl
- /openssl/doc/man3/ASN1_TIME_set.pod
- /openssl/crypto/rsa/rsa_gen.c
- /openssl/doc/man1/sess_id.pod
- /openssl/doc/man3/SSL_get_version.pod
- /openssl/doc/man7/scrypt.pod
- /openssl/crypto/sha/asm/sha256-586.pl
- /openssl/doc/man3/SSL_shutdown.pod
- /openssl/crypto/dso/dso_dlfcn.c
- /openssl/crypto/dsa/dsa_sign.c
- /openssl/test/asn1_string_table_test.c
- /openssl/test/recipes/02-test_internal_ctype.t
- /openssl/ms/segrenam.pl
- /openssl/doc/man3/EVP_sm4_cbc.pod
- /openssl/ssl/ssl_sess.c
- /openssl/doc/man5/config.pod
- /openssl/doc/man3/BIO_s_file.pod
- /openssl/doc/man3/EVP_EncryptInit.pod
- /openssl/doc/man1/pkcs8.pod
- /openssl/test/verify_extra_test.c
- /openssl/crypto/txt_db/txt_db.c
- /openssl/include/openssl/x509.h
- /openssl/crypto/LPdir_unix.c
- /openssl/fuzz/mkfuzzoids.pl
- /openssl/crypto/ec/ec_key.c
- /openssl/doc/man3/OPENSSL_init_crypto.pod
- /openssl/crypto/bn/rsaz_exp.h
- /openssl/doc/man1/rsa.pod
- /openssl/crypto/kdf/scrypt.c
- /openssl/crypto/perlasm/ppc-xlate.pl
- /openssl/crypto/bn/bn_lcl.h
- /openssl/crypto/threads_none.c
- /openssl/crypto/rand/rand_egd.c
- /openssl/crypto/x509v3/pcy_data.c
- /openssl/crypto/store/store_err.c
- /openssl/crypto/ec/ecdh_ossl.c
- /openssl/test/ssltestlib.c
- /openssl/test/handshake_helper.h
- /openssl/doc/man3/SSL_CTX_set_client_CA_list.pod
- /openssl/test/packettest.c
- /openssl/crypto/rsa/rsa_ameth.c
- /openssl/doc/man3/PEM_bytes_read_bio.pod
- /openssl/crypto/srp/srp_vfy.c
- /openssl/doc/man1/genrsa.pod
- /openssl/test/lhash_test.c
- /openssl/include/openssl/ossl_typ.h
- /openssl/crypto/bn/bn_prime.c
- /openssl/test/evp_extra_test.c
- /openssl/crypto/modes/asm/ghashp8-ppc.pl
- /openssl/crypto/evp/e_camellia.c
- /openssl/crypto/bn/bn_err.c
- /openssl/doc/man3/EVP_camellia.pod
- /openssl/test/recipes/25-test_verify.t
- /openssl/crypto/x509/x_name.c
- /openssl/doc/man1/s_server.pod
- /openssl/crypto/sha/asm/sha512-mips.pl
- /openssl/crypto/include/internal/bn_int.h
- /openssl/crypto/dsa/dsa_lib.c
- /openssl/test/recipes/03-test_internal_asn1.t
- /openssl/doc/man3/SSL_get_error.pod
- /openssl/crypto/bn/asm/alpha-mont.pl
- /openssl/doc/man3/EVP_idea_cbc.pod
- /openssl/crypto/rsa/rsa_meth.c
- /openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
- /openssl/doc/man3/SSL_get_peer_signature_nid.pod
- /openssl/crypto/bn/asm/x86_64-gcc.c
- /openssl/crypto/store/loader_file.c
- /openssl/test/recipes/99-test_fuzz.t
- /openssl/test/tls13ccstest.c
- /openssl/crypto/engine/eng_openssl.c
- /openssl/util/dofile.pl
- /openssl/doc/man1/speed.pod
- /openssl/doc/man1/crl.pod
- /openssl/apps/app_rand.c
- /openssl/crypto/cms/cms_env.c
- /openssl/doc/man3/X509_cmp_time.pod
- /openssl/test/ssl_cert_table_internal_test.c
- /openssl/crypto/sha/asm/keccak1600-avx2.pl
- /openssl/ssl/record/rec_layer_d1.c
- /openssl/crypto/rc4/asm/rc4-parisc.pl
- /openssl/crypto/evp/encode.c
- /openssl/crypto/chacha/asm/chacha-x86_64.pl
- /openssl/test/recipes/03-test_internal_x509.t
- /openssl/crypto/bio/bss_conn.c
- /openssl/test/sanitytest.c
- /openssl/crypto/kdf/hkdf.c
- /openssl/test/recipes/03-test_internal_ssl_cert_table.t
- /openssl/util/mkrc.pl
- /openssl/ssl/s3_cbc.c
- /openssl/test/recipes/03-test_internal_poly1305.t
- /openssl/crypto/objects/obj_xref.c
- /openssl/crypto/cms/cms_err.c
- /openssl/test/testutil/basic_output.c
- /openssl/test/recipes/03-test_internal_modes.t
- /openssl/crypto/evp/e_rc2.c
- /openssl/ssl/record/record_locl.h
- /openssl/crypto/conf/conf_mod.c
- /openssl/crypto/dh/dh_key.c
- /openssl/test/testutil/driver.c
- /openssl/crypto/x509v3/v3_purp.c
- /openssl/doc/man3/EVP_aes.pod
- /openssl/crypto/x509/x509_err.c
- /openssl/crypto/ec/ecp_oct.c
- /openssl/crypto/include/internal/siphash.h
- /openssl/doc/man3/EVP_DigestSignInit.pod
- /openssl/crypto/asn1/asn1_err.c
- /openssl/test/dhtest.c
- /openssl/crypto/evp/bio_b64.c
- /openssl/crypto/x509/x509_vfy.c
- /openssl/doc/man3/SSL_set_bio.pod
- /openssl/crypto/sha/asm/sha1-parisc.pl
- /openssl/crypto/x509v3/v3_lib.c
- /openssl/doc/man3/SSL_get_server_tmp_key.pod
- /openssl/doc/man3/DH_get0_pqg.pod
- /openssl/crypto/pem/pem_pk8.c
- /openssl/test/mdc2_internal_test.c
- /openssl/crypto/bn/asm/x86-mont.pl
- /openssl/test/asn1_encode_test.c
- /openssl/crypto/ec/asm/ecp_nistz256-x86.pl
- /openssl/doc/man1/s_time.pod
- /openssl/crypto/ocsp/ocsp_cl.c
- /openssl/crypto/rand/rand_win.c
- /openssl/apps/s_apps.h
- /openssl/crypto/rsa/rsa_lib.c
- /openssl/util/process_docs.pl
- /openssl/doc/man3/EVP_PKEY_ASN1_METHOD.pod
- /openssl/doc/man3/EVP_DigestVerifyInit.pod
- /openssl/crypto/evp/pmeth_lib.c
- /openssl/test/ciphername_test.c
- /openssl/crypto/dsa/dsa_ossl.c
- /openssl/crypto/ec/ec_ameth.c
- /openssl/crypto/conf/conf_err.c
- /openssl/crypto/aes/asm/aes-mips.pl
- /openssl/test/x509_time_test.c
- /openssl/crypto/asn1/tasn_utl.c
- /openssl/crypto/bn/bn_sqrt.c
- /openssl/doc/man3/EVP_VerifyInit.pod
- /openssl/doc/man3/OCSP_resp_find_status.pod
- /openssl/test/fatalerrtest.c
- /openssl/doc/man7/X25519.pod
- /openssl/test/pkey_meth_kdf_test.c
- /openssl/test/recipes/80-test_pkcs12.t
- /openssl/ssl/ssl_rsa.c
- /openssl/crypto/poly1305/asm/poly1305-x86.pl
- /openssl/crypto/objects/obj_err.c
- /openssl/doc/man3/X509_NAME_get_index_by_NID.pod
- /openssl/doc/man1/spkac.pod
- /openssl/crypto/include/internal/cryptlib_int.h
- /openssl/crypto/asn1/bio_asn1.c
- /openssl/crypto/x509v3/v3_tlsf.c
- /openssl/doc/man3/RSA_meth_new.pod
- /openssl/crypto/engine/eng_rdrand.c
- /openssl/crypto/engine/tb_asnmth.c
- /openssl/crypto/async/async_wait.c
- /openssl/crypto/evp/evp_enc.c
- /openssl/test/wpackettest.c
- /openssl/crypto/objects/obj_dat.pl
- /openssl/crypto/lhash/lhash_lcl.h
- /openssl/crypto/sha/asm/keccak1600-s390x.pl
- /openssl/crypto/include/internal/md32_common.h
- /openssl/crypto/ec/eck_prn.c
- /openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
- /openssl/crypto/bn/asm/ppc-mont.pl
- /openssl/crypto/bn/bn_gf2m.c
- /openssl/util/perl/TLSProxy/ServerHello.pm
- /openssl/crypto/comp/comp_lib.c
- /openssl/doc/man3/SSL_CTX_set_read_ahead.pod
- /openssl/crypto/x509/by_dir.c
- /openssl/crypto/dh/dh_err.c
- /openssl/crypto/evp/e_chacha20_poly1305.c
- /openssl/crypto/rsa/rsa_pss.c
- /openssl/crypto/pem/pvkfmt.c
- /openssl/crypto/ec/ecx_meth.c
- /openssl/doc/man3/EVP_DigestInit.pod
- /openssl/doc/man3/SSL_set_shutdown.pod
- /openssl/test/x509_internal_test.c
- /openssl/crypto/rand/randfile.c
- /openssl/crypto/bio/b_print.c
- /openssl/test/servername_test.c
- /openssl/crypto/bn/asm/x86_64-mont5.pl
- /openssl/crypto/rsa/rsa_pk1.c
- /openssl/crypto/dsa/dsa_pmeth.c
- /openssl/ssl/ssl_mcnf.c
- /openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
- /openssl/crypto/sha/asm/keccak1600-c64x.pl
- /openssl/ssl/record/record.h
- /openssl/test/time_offset_test.c
- /openssl/doc/man1/cms.pod
- /openssl/crypto/poly1305/poly1305_ameth.c
- /openssl/crypto/modes/asm/ghashv8-armx.pl
- /openssl/crypto/bn/bn_mul.c
- /openssl/crypto/ec/ecp_smpl.c
- /openssl/crypto/objects/obj_dat.c
- /openssl/include/internal/refcount.h
- /openssl/crypto/x509/x509_lu.c
- /openssl/crypto/ui/ui_err.c
- /openssl/doc/man3/SSL_CTX_new.pod
- /openssl/test/tls13encryptiontest.c
- /openssl/crypto/conf/conf_def.c
- /openssl/crypto/dh/dh_pmeth.c
- /openssl/crypto/bn/bn_intern.c
- /openssl/ssl/tls_srp.c
- /openssl/test/asynciotest.c
- /openssl/crypto/bio/bss_mem.c
- /openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod
- /openssl/include/openssl/x509_vfy.h
- /openssl/test/dtlstest.c
- /openssl/crypto/sha/asm/keccak1600-armv8.pl
- /openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod
- /openssl/crypto/objects/obj_xref.h
- /openssl/ssl/ssl_init.c
- /openssl/doc/man3/DH_generate_parameters.pod
- /openssl/crypto/bn/asm/vis3-mont.pl
- /openssl/crypto/modes/asm/ghash-parisc.pl
- /openssl/test/test_test.c
- /openssl/doc/man3/EVP_CIPHER_meth_new.pod
- /openssl/crypto/ec/ec_mult.c
- /openssl/crypto/ec/ecp_nist.c
- /openssl/crypto/store/store_lib.c
- /openssl/ssl/ssl_txt.c
- /openssl/doc/man3/DSA_meth_new.pod
- /openssl/crypto/bio/bf_lbuf.c
- /openssl/doc/man7/Ed25519.pod
- /openssl/doc/man3/SSL_CTX_use_certificate.pod
- /openssl/doc/man1/dsa.pod
- /openssl/doc/man1/ecparam.pod
- /openssl/ssl/s3_enc.c
- /openssl/crypto/x509/by_file.c
- /openssl/crypto/bn/asm/sparcv9-mont.pl
- /openssl/crypto/x509/x_pubkey.c
- /openssl/crypto/aes/asm/bsaes-armv7.pl
Vulnerability Details
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
Publish Date: 2018-03-27
URL: CVE-2018-0733
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0733
Release Date: 2018-03-27
Fix Resolution: OpenSSL_1_1_0h
Step up your Open Source Security Game with WhiteSource here