{"api_version":"1","generated_at":"2026-06-29T08:01:42+00:00","cve":"CVE-2018-8022","urls":{"html":"https://cve.report/CVE-2018-8022","api":"https://cve.report/api/cve/CVE-2018-8022.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8022","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8022"},"summary":{"title":"CVE-2018-8022","description":"A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.","state":"PUBLIC","assigner":"security@apache.org","published_at":"2018-08-29 13:29:00","updated_at":"2023-11-07 03:01:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://github.com/apache/trafficserver/pull/2147","name":"https://github.com/apache/trafficserver/pull/2147","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"Convert an ink_release_assert into logic to reset the rbio to use the… by shinrich · Pull Request #2147 · apache/trafficserver · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105183","name":"105183","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Apache Traffic Server CVE-2018-8022 Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a9508198d966b1%40%3Cusers.trafficserver.apache.org%3E","name":"[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a9508198d966b1@%3Cusers.trafficserver.apache.org%3E","name":"[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022","refsource":"MLIST","tags":["Vendor Advisory"],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8022","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8022","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8022","vulnerable":"1","versionEndIncluding":"6.2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"traffic_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","DATE_PUBLIC":"2018-08-28T00:00:00","ID":"CVE-2018-8022","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Traffic Server","version":{"version_data":[{"version_value":"6.2.2"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure"}]}]},"references":{"reference_data":[{"name":"[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022","refsource":"MLIST","url":"https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a9508198d966b1@%3Cusers.trafficserver.apache.org%3E"},{"name":"105183","refsource":"BID","url":"http://www.securityfocus.com/bid/105183"},{"name":"https://github.com/apache/trafficserver/pull/2147","refsource":"CONFIRM","url":"https://github.com/apache/trafficserver/pull/2147"}]}},"nvd":{"publishedDate":"2018-08-29 13:29:00","lastModifiedDate":"2023-11-07 03:01:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.2.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8022","Ordinal":"124339","Title":"CVE-2018-8022","CVE":"CVE-2018-8022","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8022","Ordinal":"1","NoteData":"A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8022","Ordinal":"2","NoteData":"2018-08-29","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8022","Ordinal":"3","NoteData":"2018-09-01","Type":"Other","Title":"Modified"}]}}}