CVE-2018-11055
MEDIUM
RSA BSAFE Micro Edition Suite 4.0.0-4.0.10 and 4.1.0-4.1.6 - Improper Clearing of Heap Memory Before Release
Title source: llm
Description
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
References (6)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Aug/46
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
24.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-404
Status
published
Products (23)
dell/bsafe
4.0.0 - 4.0.11
oracle/application_testing_suite
13.3.0.1
oracle/communications_analytics
12.1.1
oracle/communications_ip_service_activator
7.3.0
oracle/communications_ip_service_activator
7.4.0
oracle/core_rdbms
11.2.0.4
oracle/core_rdbms
12.1.0.2
oracle/core_rdbms
12.2.0.1
oracle/core_rdbms
18c
oracle/core_rdbms
19c
... and 13 more
Published
Aug 31, 2018
Tracked Since
Feb 18, 2026