GitHub Advisory DatabaseGHSA-MMRQ-6999-72V8

HistoryMay 13, 2022 - 1:50 a.m.

Ruby Openssl Allows Incorrect Value Comparison

2022-05-1301:50:20

GitHub Advisory Database

github.com

ruby

openssl

x509

name

comparison

security

software

illegitimate certificate

encryption operations

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

82.8%

JSON

An issue was discovered in the OpenSSL library in Ruby when two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

Affected configurations

Vulners

Node

opensslopensslRange2.1.0–2.1.2

opensslopensslRange<2.0.9

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

access.redhat.com/errata/RHSA-2018:3729

access.redhat.com/errata/RHSA-2018:3730

access.redhat.com/errata/RHSA-2018:3731

access.redhat.com/errata/RHSA-2018:3738

access.redhat.com/errata/RHSA-2019:1948

access.redhat.com/errata/RHSA-2019:2565

github.com/advisories/GHSA-mmrq-6999-72v8

github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5

github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2018-16395.yml

hackerone.com/reports/387250

lists.debian.org/debian-lts-announce/2018/10/msg00020.html

nvd.nist.gov/vuln/detail/CVE-2018-16395

security.netapp.com/advisory/ntap-20190221-0002/

usn.ubuntu.com/3808-1/

web.archive.org/web/20211206015239/https://securitytracker.com/id/1042105

www.debian.org/security/2018/dsa-4332

www.oracle.com/security-alerts/cpujan2020.html

www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/

www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/

www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/

www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

82.8%

JSON

Ruby Openssl Allows Incorrect Value Comparison

Affected configurations

References

Related