CVE-2018-11056

EPSS 1.96%
Published 31.08.2018 18:29:00
Last modified 21.11.2024 03:42:35
Source security_alert@emc.com
Teams watchlist Login
Open Login

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.

Affected products Warnungen 0 Metrics 4 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Bsafe SwEditionmicro_edition_suite Version >= 4.1.0 < 4.1.6.1

Dell ≫ Bsafe Crypto-c SwEditionmicro Version >= 4.0.0 < 4.0.5.3

Oracle ≫ Application Testing Suite Version13.3.0.1

Oracle ≫ Communications Analytics Version12.1.1

Oracle ≫ Communications Ip Service Activator Version7.3.0

Oracle ≫ Communications Ip Service Activator Version7.4.0

Oracle ≫ Core Rdbms Version11.2.0.4

Oracle ≫ Core Rdbms Version12.1.0.2

Oracle ≫ Core Rdbms Version12.2.0.1

Oracle ≫ Core Rdbms Version18c

Oracle ≫ Core Rdbms Version19c

Oracle ≫ Enterprise Manager Ops Center Version12.3.3

Oracle ≫ Enterprise Manager Ops Center Version12.4.0

Oracle ≫ Goldengate Application Adapters Version12.3.2.1.0

Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2

Oracle ≫ Real User Experience Insight Version13.1.2.1

Oracle ≫ Real User Experience Insight Version13.2.3.1

Oracle ≫ Real User Experience Insight Version13.3.1.0

Oracle ≫ Retail Predictive Application Server Version15.0.3

Oracle ≫ Retail Predictive Application Server Version16.0.3.0

Oracle ≫ Security Service Version11.1.1.9.0

Oracle ≫ Security Service Version12.1.3.0.0

Oracle ≫ Security Service Version12.2.1.3.0

Oracle ≫ Timesten In-memory Database Version < 18.1.4.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.96%	0.827

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
security_alert@emc.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://www.oracle.com/security-alerts/cpujan2020.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Patch

Third Party Advisory