cve/2018/CVE-2018-16395.md

### [CVE-2018-16395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

### POC

#### Reference
- https://hackerone.com/reports/387250
- https://www.oracle.com/security-alerts/cpujan2020.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/sonatype-nexus-community/cheque
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-16395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

			`### POC`

			`#### Reference`
			`- https://hackerone.com/reports/387250`
			`- https://www.oracle.com/security-alerts/cpujan2020.html`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/chnzzh/OpenSSL-CVE-lib`
			`- https://github.com/sonatype-nexus-community/cheque`