CVE-2015-5291

2015-11-0219:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-5291

heap-based buffer overflow

polarssl

arm mbed tls

remote ssl servers

denial of service

client crash

arbitrary code

sni extension

security vulnerability

8.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.0%

JSON

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.

CPENameOperatorVersion
arm:mbed_tlsarm mbed tlslt1.3.14
arm:mbed_tlsarm mbed tlslt2.1.2
polarssl:polarsslpolarssllt1.2.17
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq23
fedoraproject:fedorafedoraproject fedoraeq21
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
arm:mbed_tls	arm mbed tls	lt	1.3.14
arm:mbed_tls	arm mbed tls	lt	2.1.2
polarssl:polarssl	polarssl	lt	1.2.17
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	23
fedoraproject:fedora	fedoraproject fedora	eq	21
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.2