Buffer Over-Read in RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition
CVE-2018-11058

7.5HIGH

Key Information:

Vendor: Rsa
Status: Bsafe Micro Edition Suite; Bsafe Crypto-c Micro Edition
Vendor: CVE Published:; 14 September 2018

What is CVE-2018-11058?

The RSA BSAFE Micro Edition Suite and RSA BSAFE Crypto-C Micro Edition contain a vulnerability that allows a remote attacker to exploit a Buffer Over-Read during the parsing of maliciously crafted ASN.1 data. This security flaw could result in data leakage or unauthorized access to sensitive information, presenting risks to applications utilizing these products. Users are advised to update their software to the latest versions to mitigate potential threats.

Affected Version(s)

BSAFE Crypto-C Micro Edition < 4.0.5.3

BSAFE Micro Edition Suite < 4.0.11

BSAFE Micro Edition Suite < 4.1.6.1

References

http://seclists.org/fulldisclosure/2018/Aug/46

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/108106

vdb-entryx_refsource_BID

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2018
Vulnerability Reserved
May 14, 2018

Rsa

What is CVE-2018-11058?

Affected Version(s)

References

CVSS V3.1

Timeline