CVE-2018-11056
Summary
| CVE | CVE-2018-11056 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-31 18:29:00 UTC |
| Updated | 2022-04-18 18:15:00 UTC |
| Description | RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Bsafe | All | All | All | All |
| Application | Dell | Bsafe Crypto-c | All | All | All | All |
| Application | Emc | Rsa Bsafe | All | All | All | All |
| Application | Emc | Rsa Bsafe | All | All | All | All |
| Application | Emc | Rsa Bsafe Crypto-c | All | All | All | All |
| Application | Emc | Rsa Bsafe Crypto-c | All | All | All | All |
| Application | Oracle | Application Testing Suite | 13.3.0.1 | All | All | All |
| Application | Oracle | Communications Analytics | 12.1.1 | All | All | All |
| Application | Oracle | Communications Ip Service Activator | 7.3.0 | All | All | All |
| Application | Oracle | Communications Ip Service Activator | 7.4.0 | All | All | All |
| Application | Oracle | Core Rdbms | 11.2.0.4 | All | All | All |
| Application | Oracle | Core Rdbms | 12.1.0.2 | All | All | All |
| Application | Oracle | Core Rdbms | 12.2.0.1 | All | All | All |
| Application | Oracle | Core Rdbms | 18c | All | All | All |
| Application | Oracle | Core Rdbms | 19c | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.3.3 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.4.0 | All | All | All |
| Application | Oracle | Goldengate Application Adapters | 12.3.2.1.0 | All | All | All |
| Application | Oracle | Jd Edwards Enterpriseone Tools | 9.2 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.1.2.1 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.2.3.1 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.3.1.0 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 15.0.3 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 16.0.3.0 | All | All | All |
| Application | Oracle | Security Service | 11.1.1.9.0 | All | All | All |
| Application | Oracle | Security Service | 12.1.3.0.0 | All | All | All |
| Application | Oracle | Security Service | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Timesten In-memory Database | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update Advisory - July 2020 | MISC | www.oracle.com | |
| Full Disclosure: DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update - July 2019 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - January 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.