CVE-2018-8022
Summary
| CVE | CVE-2018-8022 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-29 13:29:00 UTC |
| Updated | 2023-11-07 03:01:00 UTC |
| Description | A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Traffic Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Convert an ink_release_assert into logic to reset the rbio to use the… by shinrich · Pull Request #2147 · apache/trafficserver · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| Apache Traffic Server CVE-2018-8022 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.