CVE-2018-11055
4.4
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RSA | BSAFE Micro Edition Suite | unspecified < 4.0.11 | affected |
| RSA | BSAFE Micro Edition Suite | unspecified < 4.1.6.1 | affected |
Weaknesses
- Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2018/Aug/46
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
References
- http://seclists.org/fulldisclosure/2018/Aug/46
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.