vulnerability

Oracle Solaris 11: CVE-2018-16395: Vulnerability in Ruby

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	2018-11-16	2019-02-20	2022-02-17

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

2018-11-16

Added

2019-02-20

Modified

2022-02-17

Description

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

Solution(s)

oracle-solaris-11-4-upgrade-runtime-ruby-23-2-3-8-11-4-6-0-1-1-0oracle-solaris-11-4-upgrade-runtime-ruby-23-ruby-tk-2-3-8-11-4-6-0-1-1-0

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today