Dec 04, 2015 - 12:00 a.m.

K55540723 : OpenSSL vulnerability CVE-2015-3196

2015-12-04 00:00:00
my.f5.com
AI Score: 6.5 Medium (Confidence: High)

CVSS2: 4.3 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.039 Low (Percentile: 91.1%)

Security Advisory Description

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. (CVE-2015-3196)

Impact

This vulnerability may allow a remote server to cause a denial-of-service (race condition and double free) via a crafted ServerKeyExchange message. This vulnerability may be exposed on the BIG-IP control plane when connecting to a malicious server using the OpenSSL utility from the BIG-IP command line, or for Extended Application Verification (EAV) monitor connections which use multiple threads.
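
A triage check for the version ranges quoted in the description above, as an added example that is not part of the F5 advisory: it parses the output of `openssl version` and reports whether the upstream version is older than the fixed release for its branch. The function names and sample strings are constructed for illustration, and the check assumes upstream version strings; vendor builds that backport the fix without changing the version letter need the vendor's own fixed-version list.

```python
import re

# First fixed upstream release per affected branch, from the advisory text:
# 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, 1.0.2 before 1.0.2d.
FIXED = {"1.0.0": "t", "1.0.1": "p", "1.0.2": "d"}

# Matches "1.0.1e" in "OpenSSL 1.0.1e-fips 11 Feb 2013"; letters are optional.
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]{0,2})(?![a-z0-9])")


def parse_openssl_version(text):
    """Return (branch, patch_letters) found in `openssl version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2)


def _patch_key(letters):
    # Patch letters order as '' < 'a' < ... < 'z' < 'za' < 'zb',
    # so a shorter suffix always sorts before a longer one.
    return (len(letters), letters)


def affected_by_cve_2015_3196(version_text):
    """True if the upstream version is inside a range the advisory lists."""
    branch, letters = parse_openssl_version(version_text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch is not listed in this advisory
    return _patch_key(letters) < _patch_key(fixed)


# Constructed sample inputs, not taken from any real host.
SAMPLES = [
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.0s",
    "OpenSSL 1.0.2d",
    "OpenSSL 1.0.2zk",
    "OpenSSL 1.1.1w",
]

if __name__ == "__main__":
    for line in SAMPLES:
        state = "AFFECTED" if affected_by_cve_2015_3196(line) else "not listed"
        print(f"{line:35s} {state}")
```

A `False` result means only that the version is outside the ranges this advisory names, not that the build has no other OpenSSL issues.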
