Vulnerability-Lookup

	Vendor	Product	Description
	Oracle	N/A	Oracle Solaris versions 11.2 et antérieures
	Oracle	N/A	Oracle Solaris versions 10 et antérieures

CVE-2015-0208 (GCVE-0-2015-0208)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

17 references

URL	Tags
https://git.openssl.org/?p=openssl.git%3Ba=commit…
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202369
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.securityfocus.com/bid/73230	vdb-entry
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://www.oracle.com/technetwork/security-adviso…
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b22cce3812052fe64fc3f6d58d8cc884e3cb834"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "name": "73230",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73230"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b22cce3812052fe64fc3f6d58d8cc884e3cb834"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "name": "73230",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73230"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0208",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0209 (GCVE-0-2015-0209)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

45 references

URL	Tags
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0715.html	vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=conte…
http://www.debian.org/security/2015/dsa-3197	vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1	vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://access.redhat.com/articles/1384453
http://rhn.redhat.com/errata/RHSA-2016-1089.html	vendor-advisory
http://www.oracle.com/technetwork/security-adviso…
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1196737
http://marc.info/?l=bugtraq&m=143213830203296&w=2	vendor-advisory
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0716.html	vendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2	vendor-advisory
http://support.apple.com/kb/HT204942
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0752.html	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
http://www.securityfocus.com/bid/73239	vdb-entry
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050254401665&w=2	vendor-advisory
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:09.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "name": "RHSA-2016:1089",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "73239",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73239"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "name": "RHSA-2016:1089",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "73239",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73239"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0209",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:09.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0255 (GCVE-0-2015-0255)

Vulnerability from cvelistv5 – Published: 2015-02-13 15:00 – Updated: 2024-08-06 04:03

Summary

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

13 references

URL	Tags
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201504-06	vendor-advisoryx_refsource_GENTOO
http://advisories.mageia.org/MGASA-2015-0073.html	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/72578	vdb-entryx_refsource_BID
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3160	vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2500-1	vendor-advisoryx_refsource_UBUNTU
http://www.x.org/wiki/Development/Security/Adviso…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0797.html	vendor-advisoryx_refsource_REDHAT

Date Public

2015-02-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2015:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "GLSA-201504-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0073.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "72578",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72578"
          },
          {
            "name": "MDVSA-2015:119",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "DSA-3160",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3160"
          },
          {
            "name": "USN-2500-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2500-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"
          },
          {
            "name": "openSUSE-SU-2015:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"
          },
          {
            "name": "RHSA-2015:0797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2015:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "GLSA-201504-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0073.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "72578",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72578"
        },
        {
          "name": "MDVSA-2015:119",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "DSA-3160",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3160"
        },
        {
          "name": "USN-2500-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2500-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"
        },
        {
          "name": "openSUSE-SU-2015:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"
        },
        {
          "name": "RHSA-2015:0797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0255",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2015:0337",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "GLSA-201504-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-06"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0073.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0073.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "72578",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72578"
            },
            {
              "name": "MDVSA-2015:119",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "DSA-3160",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3160"
            },
            {
              "name": "USN-2500-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2500-1"
            },
            {
              "name": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/",
              "refsource": "CONFIRM",
              "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"
            },
            {
              "name": "openSUSE-SU-2015:0338",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"
            },
            {
              "name": "RHSA-2015:0797",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0255",
    "datePublished": "2015-02-13T15:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0285 (GCVE-0-2015-0285)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

18 references

URL	Tags
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
https://bugzilla.redhat.com/show_bug.cgi?id=1202410
http://www.oracle.com/technetwork/security-adviso…
http://www.fortiguard.com/advisory/2015-03-24-ope…
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
http://www.securityfocus.com/bid/73234	vdb-entry
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=e1b568dd2462f7cacf98f3d117936c34e2849a6b"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202410"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "73234",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73234"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=e1b568dd2462f7cacf98f3d117936c34e2849a6b"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202410"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "73234",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73234"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0285",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0286 (GCVE-0-2015-0286)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

52 references

URL	Tags
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0715.html	vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=conte…
http://www.debian.org/security/2015/dsa-3197	vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1	vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://support.apple.com/HT205212
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-adviso…
http://www.securitytracker.com/id/1032917	vdb-entry
http://www.oracle.com/technetwork/security-adviso…
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://support.apple.com/HT205267
http://marc.info/?l=bugtraq&m=143213830203296&w=2	vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202366
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.fortiguard.com/advisory/2015-03-24-ope…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0716.html	vendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2	vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0752.html	vendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit…
http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://www.oracle.com/technetwork/security-adviso…
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050254401665&w=2	vendor-advisory
http://www.securityfocus.com/bid/73225	vdb-entry
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205212"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "1032917",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032917"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-09-16-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "73225",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73225"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://support.apple.com/HT205212"
        },
        {
          "name": "APPLE-SA-2015-09-30-3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "1032917",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032917"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "url": "https://support.apple.com/HT205267"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-09-16-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "73225",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73225"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0286",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0287 (GCVE-0-2015-0287)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

49 references

URL	Tags
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0715.html	vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=conte…
http://www.debian.org/security/2015/dsa-3197	vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1	vendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit…
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
https://support.apple.com/HT205212
http://www.securityfocus.com/bid/73227	vdb-entry
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-adviso…
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://support.apple.com/HT205267
http://marc.info/?l=bugtraq&m=143213830203296&w=2	vendor-advisory
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0716.html	vendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2	vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0752.html	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.html	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202380
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b717b083073b6cacc0a5e2397b661678aff7ae7f"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205212"
          },
          {
            "name": "73227",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73227"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-09-16-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "SUSE-SU-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202380"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b717b083073b6cacc0a5e2397b661678aff7ae7f"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "https://support.apple.com/HT205212"
        },
        {
          "name": "73227",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73227"
        },
        {
          "name": "APPLE-SA-2015-09-30-3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "url": "https://support.apple.com/HT205267"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-09-16-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "SUSE-SU-2016:0678",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202380"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0287",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0288 (GCVE-0-2015-0288)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

46 references

URL	Tags
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0715.html	vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=conte…
http://www.debian.org/security/2015/dsa-3197	vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1	vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://rt.openssl.org/Ticket/Display.html?id=370…
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-adviso…
http://www.securityfocus.com/bid/73237	vdb-entry
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://marc.info/?l=bugtraq&m=143213830203296&w=2	vendor-advisory
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0716.html	vendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2	vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
https://bugzilla.redhat.com/show_bug.cgi?id=1202418
http://rhn.redhat.com/errata/RHSA-2015-0752.html	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.html	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://support.citrix.com/article/CTX216642
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050254401665&w=2	vendor-advisory
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?id=3708\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "73237",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73237"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=28a00bcd8e318da18031b2ac8778c64147cd54f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "url": "https://rt.openssl.org/Ticket/Display.html?id=3708\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "73237",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73237"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=28a00bcd8e318da18031b2ac8778c64147cd54f9"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0288",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0289 (GCVE-0-2015-0289)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

44 references

URL	Tags
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0715.html	vendor-advisory
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=conte…
http://www.debian.org/security/2015/dsa-3197	vendor-advisory
http://www.ubuntu.com/usn/USN-2537-1	vendor-advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.securityfocus.com/bid/73231	vdb-entry
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit…
http://lists.apple.com/archives/security-announce…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://access.redhat.com/articles/1384453
http://www.oracle.com/technetwork/security-adviso…
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://marc.info/?l=bugtraq&m=143213830203296&w=2	vendor-advisory
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.fortiguard.com/advisory/2015-03-24-ope…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0716.html	vendor-advisory
http://marc.info/?l=bugtraq&m=142841429220765&w=2	vendor-advisory
http://support.apple.com/kb/HT204942
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202384
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2015-0752.html	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0800.html	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
http://www.mandriva.com/security/advisories?name=…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisory
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:0715",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
          },
          {
            "name": "openSUSE-SU-2015:0554",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
          },
          {
            "name": "DSA-3197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "name": "USN-2537-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2537-1"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "FEDORA-2015-4303",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "name": "73231",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73231"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "FEDORA-2015-4300",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "FEDORA-2015-6951",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "HPSBUX03334",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
          },
          {
            "name": "SUSE-SU-2015:0541",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "RHSA-2015:0716",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
          },
          {
            "name": "HPSBGN03306",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202384"
          },
          {
            "name": "FreeBSD-SA-15:06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "RHSA-2015:0752",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
          },
          {
            "name": "RHSA-2015:0800",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "SSRT102000",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "FEDORA-2015-4320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
          },
          {
            "name": "FEDORA-2015-6855",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:0715",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
        },
        {
          "name": "openSUSE-SU-2015:0554",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
        },
        {
          "name": "DSA-3197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3197"
        },
        {
          "name": "USN-2537-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2537-1"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "name": "FEDORA-2015-4303",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "name": "73231",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73231"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "FEDORA-2015-4300",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "FEDORA-2015-6951",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "url": "https://access.redhat.com/articles/1384453"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "HPSBUX03334",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
        },
        {
          "name": "SUSE-SU-2015:0541",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "RHSA-2015:0716",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
        },
        {
          "name": "HPSBGN03306",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
        },
        {
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202384"
        },
        {
          "name": "FreeBSD-SA-15:06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "RHSA-2015:0752",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
        },
        {
          "name": "RHSA-2015:0800",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "SSRT102000",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "name": "FEDORA-2015-4320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
        },
        {
          "name": "FEDORA-2015-6855",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0289",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0290 (GCVE-0-2015-0290)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

17 references

URL	Tags
http://www.securityfocus.com/bid/73226	vdb-entry
https://kc.mcafee.com/corporate/index?page=conten…
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
https://bugzilla.redhat.com/show_bug.cgi?id=1202345
http://www.oracle.com/technetwork/security-adviso…
https://git.openssl.org/?p=openssl.git%3Ba=commit…
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "73226",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73226"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202345"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "73226",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73226"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202345"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0290",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0291 (GCVE-0-2015-0291)

Vulnerability from cvelistv5 – Published: 2015-03-19 00:00 – Updated: 2024-08-06 04:03

Summary

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.

Severity

No CVSS data available.

CWE

n/a

Assigner

redhat

References

18 references

URL	Tags
https://kc.mcafee.com/corporate/index?page=conten…
http://www.securityfocus.com/bid/73235	vdb-entry
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa92
https://www.openssl.org/news/secadv_20150319.txt
http://www.oracle.com/technetwork/topics/security…
https://git.openssl.org/?p=openssl.git%3Ba=commit…
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisory
http://www.oracle.com/technetwork/topics/security…
http://www.oracle.com/technetwork/security-adviso…
http://www.fortiguard.com/advisory/2015-03-24-ope…
http://www.oracle.com/technetwork/topics/security…
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisory
http://www.securitytracker.com/id/1031929	vdb-entry
https://security.gentoo.org/glsa/201503-11	vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202338
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2015-03-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
          },
          {
            "name": "73235",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73235"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=76343947ada960b6269090638f5391068daee88d"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "1031929",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "name": "GLSA-201503-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10110"
        },
        {
          "name": "73235",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73235"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa92"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150319.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=76343947ada960b6269090638f5391068daee88d"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "name": "1031929",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1031929"
        },
        {
          "name": "GLSA-201503-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201503-11"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0291",
    "datePublished": "2015-03-19T00:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2015-AVI-169

Solution

Tags

Sightings

Nomenclature

Action not permitted

CERTFR-2015-AVI-169

Solution

CVE-2015-0208 (GCVE-0-2015-0208)

CVE-2015-0209 (GCVE-0-2015-0209)

CVE-2015-0255 (GCVE-0-2015-0255)

CVE-2015-0285 (GCVE-0-2015-0285)

CVE-2015-0286 (GCVE-0-2015-0286)

CVE-2015-0287 (GCVE-0-2015-0287)

CVE-2015-0288 (GCVE-0-2015-0288)

CVE-2015-0289 (GCVE-0-2015-0289)

CVE-2015-0290 (GCVE-0-2015-0290)

CVE-2015-0291 (GCVE-0-2015-0291)

Tags

Sightings

Nomenclature