cvelist/2018/8xxx/CVE-2018-8022.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2018-08-28T00:00:00",
        "ID": "CVE-2018-8022",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Traffic Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "6.2.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Apache Software Foundation"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Information Disclosure"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022",
                "refsource": "MLIST",
                "url": "https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a9508198d966b1@%3Cusers.trafficserver.apache.org%3E"
            },
            {
                "name": "105183",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/105183"
            },
            {
                "name": "https://github.com/apache/trafficserver/pull/2147",
                "refsource": "CONFIRM",
                "url": "https://github.com/apache/trafficserver/pull/2147"
            }
        ]
    }
}
- Synchronized data. 2018-03-09 16:03:15 -05:00			`{`
"-Synchronized-Data." 2019-03-18 03:14:22 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@apache.org",`
			`"DATE_PUBLIC": "2018-08-28T00:00:00",`
			`"ID": "CVE-2018-8022",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Apache Traffic Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "6.2.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Apache Software Foundation"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Added submissions from Apache Traffic Server from 2018-08-28. 2018-08-29 08:10:55 -04:00			`{`
"-Synchronized-Data." 2019-03-18 03:14:22 +00:00			`"lang": "eng",`
			`"value": "A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions."`
- Added submissions from Apache Traffic Server from 2018-08-28. 2018-08-29 08:10:55 -04:00			`}`
"-Synchronized-Data." 2019-03-18 03:14:22 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Information Disclosure"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with an invalid TLS handshake - CVE-2018-8022",`
			`"refsource": "MLIST",`
			`"url": "https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a9508198d966b1@%3Cusers.trafficserver.apache.org%3E"`
			`},`
			`{`
			`"name": "105183",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/105183"`
			`},`
			`{`
			`"name": "https://github.com/apache/trafficserver/pull/2147",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/apache/trafficserver/pull/2147"`
			`}`
			`]`
			`}`
			`}`