English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.107831
Category:Huawei
Title:Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)
Summary:Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion.
Description:Summary:
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion.

Vulnerability Insight:
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit could result in a Denial Of Service attack. (Vulnerability ID: HWPSIRT-2018-03073)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-0739.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.

Vulnerability Impact:
Successful exploit could result in a Denial Of Service attack.

Affected Software/OS:
AR3200 versions V200R008C20

AnyOffice versions 2.5.0501.0290

EulerOS versions V200R005C00

FusionSphere OpenStack versions 6.5.0 6.5.RC1 6.5.RC2 V100R006C00 V100R006C10 V100R006C30

OceanStor 5300 V3 versions V300R006C10

OceanStor 5500 V3 versions V300R006C10

OceanStor 5600 V3 versions V300R006C10

OceanStor 5800 V3 versions V300R006C10

OceanStor 6800 V3 versions V300R006C10

OceanStor 9000 versions V300R005C00 V300R006C00 V300R006C10 V300R006C20

OceanStor ReplicationDirector versions V200R001C00 V200R001C20

OceanStor UDS versions V1R2C01LHWS01RC3 V1R2C01LHWS01RC6

SMC2.0 versions V500R002C00 V600R006C00 V600R006C10

eSpace VCN3000 versions V100R002C10 V100R002C20

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-0739
BugTraq ID: 103518
http://www.securityfocus.com/bid/103518
BugTraq ID: 105609
http://www.securityfocus.com/bid/105609
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
https://security.netapp.com/advisory/ntap-20180330-0002/
https://security.netapp.com/advisory/ntap-20180726-0002/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://www.openssl.org/news/secadv/20180327.txt
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-04
https://www.tenable.com/security/tns-2018-06
https://www.tenable.com/security/tns-2018-07
Debian Security Information: DSA-4157 (Google Search)
https://www.debian.org/security/2018/dsa-4157
Debian Security Information: DSA-4158 (Google Search)
https://www.debian.org/security/2018/dsa-4158
https://security.gentoo.org/glsa/201811-21
https://security.gentoo.org/glsa/202007-53
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
RedHat Security Advisories: RHSA-2018:3090
https://access.redhat.com/errata/RHSA-2018:3090
RedHat Security Advisories: RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3221
RedHat Security Advisories: RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3505
RedHat Security Advisories: RHSA-2019:0366
https://access.redhat.com/errata/RHSA-2019:0366
RedHat Security Advisories: RHSA-2019:0367
https://access.redhat.com/errata/RHSA-2019:0367
RedHat Security Advisories: RHSA-2019:1711
https://access.redhat.com/errata/RHSA-2019:1711
RedHat Security Advisories: RHSA-2019:1712
https://access.redhat.com/errata/RHSA-2019:1712
http://www.securitytracker.com/id/1040576
https://usn.ubuntu.com/3611-1/
https://usn.ubuntu.com/3611-2/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2024 E-Soft Inc. All rights reserved.