CVE-2018-0733 CVE-2018-0739 (OpenSSL)
- Article Number: 000015825
- Products: Sidewinder
- Last Published Date: July 10, 2018
CVE-2018-0733 - Moderate
CVE-2018-0739 - Moderate
KBA Detailed Information
The following descriptions are from openssl.org.
CVE-2018-0733:
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each byte.
This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the security
claims of the scheme. The module can only be compiled by the HP-UX assembler, so
that only HP-UX PA-RISC targets are affected.
CVE-2018-0739:
Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There are
no such structures used within SSL/TLS that come from untrusted sources so this
is considered safe.
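The ASN.1 issue described above comes from recursion whose depth is controlled by the input. As an added example (not code from openssl.org or from the vendor), the following minimal DER walker in C refuses input nested deeper than a fixed limit; MAX_NEST and its value, der_check and build_nested are names assumed for this illustration, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_NEST 30 /* assumed limit for this example */

/* Returns 0 if buf[0..len) holds well-formed TLVs nested no deeper than
   MAX_NEST, -1 otherwise. The depth check bounds recursion for any input. */
static int der_check(const uint8_t *buf, size_t len, int depth)
{
    size_t pos = 0;
    if (depth > MAX_NEST)
        return -1;
    while (pos < len) {
        if (len - pos < 2 || (buf[pos] & 0x1f) == 0x1f)
            return -1;               /* truncated, or multi-byte tag (not handled) */
        uint8_t tag = buf[pos++];
        size_t clen = buf[pos++];
        if (clen & 0x80) {           /* long-form length */
            size_t n = clen & 0x7f;
            if (n == 0 || n > sizeof(size_t) || n > len - pos)
                return -1;           /* indefinite or oversized length */
            for (clen = 0; n > 0; n--)
                clen = (clen << 8) | buf[pos++];
        }
        if (clen > len - pos)
            return -1;               /* content runs past the buffer */
        if ((tag & 0x20) && der_check(buf + pos, clen, depth + 1) != 0)
            return -1;               /* constructed type: check its children */
        pos += clen;
    }
    return 0;
}

/* Constructed sample input: n nested empty SEQUENCEs (n <= 64, 2*n bytes). */
static size_t build_nested(uint8_t *out, int n)
{
    for (int i = 0; i < n; i++) {
        out[2 * i] = 0x30;
        out[2 * i + 1] = (uint8_t)(2 * (n - 1 - i));
    }
    return (size_t)(2 * n);
}

int main(void)
{
    uint8_t b[128];
    for (int n = 30; n <= 31; n++)
        printf("nesting %d -> %d\n", n, der_check(b, build_nested(b, n), 0));
    return 0;
}
```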
Hotfix and Information About Other Fixes
The following patches are available to resolve these vulnerabilities:
Sidewinder download information:
Sidewinder E-Patch download information:
User name : atl-963845ro
User password : 34bT4hF3AFJn
Server name : csftp.us.stonesoft.com