PT-2018-2793 · Openssl · Openssl

Published

2018-03-02

·

Updated

2020-08-24

·

CVE-2018-0733

CVSS v3.1

5.9

Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

OpenSSL versions 1.1.0 through 1.1.0g

Description

The issue is an implementation bug in the PA-RISC CRYPTO_memcmp function, which effectively reduces the comparison to only the least significant bit of each byte. This allows an attacker to forge messages that would be considered authenticated in fewer attempts than the security claims guarantee. The vulnerability is specific to HP-UX PA-RISC targets due to compilation requirements.

Recommendations

For versions 1.1.0 through 1.1.0g, update to OpenSSL 1.1.0h to resolve the issue.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2019-01882
CVE-2018-0733

Affected Products

Openssl