Ruby Programming Language Openssl
By the Year
In 2021 there have been 0 vulnerabilities in Ruby Programming Language Openssl . Openssl did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 9.80 |
It may take a day or so for new Openssl vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Ruby Programming Language Openssl Security Vulnerabilities
An issue was discovered in the OpenSSL library in Ruby before 2.3.8
CVE-2018-16395
9.8 - Critical
- November 16, 2018
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVE-2018-16395 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.