Lucene search
Huawei TechnologiesHUAWEI-SA-20180613-01-OPENSSLHistoryJun 13, 2018 - 12:00 a.m.
Security Advisory - OpenSSL Vulnerability in Some Huawei Products
2018-06-1300:00:00
Huawei Technologies
www.huawei.com
30
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.009 Low
EPSS
Percentile
83.0%
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit of this vulnerability may result in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2018-03073)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-0739.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-openssl-en
Affected configurations
Node
huaweiar3200Matchv200r008c20
ORhuaweianyofficeMatch2.5.0501.0290
ORhuaweidp300Matchv500r002c00spcd00
ORhuaweieulerosMatchv200r005c00spc200
ORhuaweifusioncubeMatch3.0.0
ORhuaweifusioncubeMatch3.0.1
ORhuaweifusioncubeMatchv100r002c60rc1
ORhuaweifusioncubeMatchv100r002c60spc100
ORhuaweifusioncubeMatchv100r002c70
ORhuaweifusioncubeMatchv100r002c70u1
ORhuaweifusionsphere_openstackMatch6.5.0
ORhuaweimanageoneMatch3.0.lgbr01
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r003c10
ORhuaweioceanstor_5800_v3Matchv300r003c20
ORhuaweioceanstor_5800_v3Matchv300r006c00
ORhuaweioceanstor_5800_v3Matchv300r006c01
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_5800_v3Matchv300r006c10spc100
ORhuaweioceanstor_ismMatchv300r005c00
ORhuaweioceanstor_ismMatchv300r006c00
ORhuaweioceanstor_ismMatchv300r006c10
ORhuaweioceanstor_ismMatchv300r006c20
ORhuaweioceanstor_replicationdirectorMatchv200r001c00
ORhuaweioceanstor_replicationdirectorMatchv200r001c20
ORhuaweioceanstor_ismMatchv1r2c01lhws01rc3
ORhuaweioceanstor_ismMatchv1r2c01lhws01rc6
ORhuaweismc2.0Matchv500r002c00
ORhuaweismc2.0Matchv600r006c00
ORhuaweismc2.0Matchv600r006c10
ORhuaweiups2000Matchv100r002c02
ORhuaweiups2000Matchv200r001c01
ORhuaweiups2000Matchv200r001c31
ORhuaweiups2000Matchv200r001c90
ORhuaweiups2000Matchv200r001c91
ORhuaweiespace_8950Matchv100r002c10spc001
ORhuaweiespace_8950Matchv100r002c20spc207
Related
cve
cve
CVE-2018-0739
2018-03-27 21:29:00
suse
suse
Security update for openssl (important)
2018-04-09 03:08:41
Security update for openssl (important)
2018-04-18 12:14:12
Security update for ovmf (moderate)
2018-08-06 15:11:10
openvas
openvas
openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:2208-1)
2018-10-26 00:00:00
Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)
2020-05-26 00:00:00
Debian: Security Advisory (DSA-4158-1)
2018-03-28 00:00:00
nessus
nessus
openSUSE Security Update : ovmf (openSUSE-2019-563)
2019-03-27 00:00:00
OpenSSL 1.0.2b < 1.0.2o Vulnerability
2018-05-21 00:00:00
SUSE SLES11 Security Update : openssl (SUSE-SU-2018:0975-1)
2018-04-19 00:00:00
debian
debian
[SECURITY] [DSA 4158-1] openssl1.0 security update
2018-03-29 21:40:38
[SECURITY] [DLA 1330-1] openssl security update
2018-03-30 15:24:31
[SECURITY] [DSA 4158-1] openssl1.0 security update
2018-03-29 21:40:38
ibm
ibm
osv
osv
openssl - security update
2018-03-30 00:00:00
openssl1.0 - security update
2018-03-29 00:00:00
openssl - security update
2018-03-29 00:00:00
aix
aix
Vulnerability in OpenSSL affects AIX (CVE-2018-0739)
2018-04-30 11:00:38
redhatcve
redhatcve
CVE-2018-0739
2019-10-08 11:45:23
mageia
mageia
Updated openssl packages fix security vulnerability
2018-04-03 21:48:20
Updated libtomcrypt packages fix security vulnerability
2018-08-15 18:45:26
altlinux
altlinux
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2o-alt1
2018-03-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2o-alt1
2018-03-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.2o-alt1
2018-03-27 00:00:00
slackware
slackware
[slackware-security] openssl
2018-03-29 03:28:30
ubuntu
ubuntu
OpenSSL vulnerability
2018-03-28 00:00:00
OpenSSL vulnerabilities
2018-04-17 00:00:00
f5
f5
K08044291 : OpenSSL vulnerability CVE-2018-0739
2018-04-13 00:00:00
redhat
redhat
openssl
openssl
Vulnerability in OpenSSL CVE-2018-0739
2018-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: compat-openssl10-1.0.2o-1.fc28
2018-04-09 13:30:37
[SECURITY] Fedora 27 Update: compat-openssl10-1.0.2o-1.fc27
2018-04-09 19:10:19
[SECURITY] Fedora 26 Update: compat-openssl10-1.0.2o-1.fc26
2018-04-09 18:36:03
ubuntucve
ubuntucve
CVE-2018-0739
2018-03-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:26:40
Denial Of Service (DoS)
2018-03-28 08:40:32
alpinelinux
alpinelinux
CVE-2018-0739
2018-03-27 21:29:00
broadcom
broadcom
DOS for Handling of crafted recursive ASN.1 structures
2023-08-01 00:00:00
cloudfoundry
cloudfoundry
USN-3611-1: OpenSSL vulnerability | Cloud Foundry
2018-05-02 00:00:00
centos
centos
OVMF security update
2018-11-15 18:50:56
openssl security update
2018-11-15 18:50:49
oraclelinux
oraclelinux
openssl security update
2018-09-26 00:00:00
openssl security update
2018-09-27 00:00:00
ovmf security, bug fix, and enhancement update
2018-11-05 00:00:00
prion
prion
Design/Logic Flaw
2018-03-27 21:29:00
cvelist
cvelist
nvd
nvd
CVE-2018-0739
2018-03-27 21:29:00
debiancve
debiancve
CVE-2018-0739
2018-03-27 21:29:00
amazon
amazon
Medium: openssl
2018-08-22 18:59:00
Medium: openssl
2018-12-05 23:20:00
Medium: openssl
2018-11-07 22:07:00
symantec
symantec
SA166: OpenSSL Vulnerabilities 27-Mar-2018
2018-05-22 08:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2018-03-27 00:00:00
archlinux
archlinux
[ASA-201804-2] openssl: multiple issues
2018-04-01 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2018-11-28 00:00:00
Dropbear: Multiple vulnerabilities
2020-07-28 00:00:00
tenable
tenable
[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
2018-06-14 16:02:13
[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
2018-06-14 16:02:13
paloalto
paloalto
OpenSSL Vulnerabilities in PAN-OS
2018-10-11 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732
2021-09-21 22:11:57
nodejsblog
nodejsblog
March 2018 Security Releases
2018-03-21 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.009 Low
EPSS
Percentile
83.0%
Related for HUAWEI-SA-20180613-01-OPENSSL