Alpine: openssl: security update to 1.0.2o-r0

medium Tenable Cloud Security Plugin ID 406085

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only
comparing the least significant bit of each byte. This allows an attacker to forge messages that would be
considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the
scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are
affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). (CVE-2018-0733)

- Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually
exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service
attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is
considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected
1.0.2b-1.0.2n). (CVE-2018-0739)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-0733

https://security.alpinelinux.org/vuln/CVE-2018-0739

Plugin Details

Severity: Medium

ID: 406085

Version: Revision 1.25

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 94.65

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2018-0733

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/7/2017

Reference Information

CVE: CVE-2018-0733, CVE-2018-0739

BID: 103517, 103518

IAVA: 2018-A-0091-S