Lucene search

[email protected]NVD:CVE-2015-0287

HistoryMar 19, 2015 - 10:59 p.m.

CVE-2015-0287

2015-03-1922:59:05

CWE-17

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

High

EPSS

0.022

Percentile

89.7%

JSON

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.

Affected configurations

Nvd

Node

opensslopensslRange≤0.9.8ze

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

opensslopensslMatch1.0.0e

opensslopensslMatch1.0.0f

opensslopensslMatch1.0.0g

opensslopensslMatch1.0.0h

opensslopensslMatch1.0.0i

opensslopensslMatch1.0.0j

opensslopensslMatch1.0.0k

opensslopensslMatch1.0.0l

opensslopensslMatch1.0.0m

opensslopensslMatch1.0.0n

opensslopensslMatch1.0.0o

opensslopensslMatch1.0.0p

opensslopensslMatch1.0.0q

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

opensslopensslMatch1.0.1i

opensslopensslMatch1.0.1j

opensslopensslMatch1.0.1k

opensslopensslMatch1.0.1l

opensslopensslMatch1.0.2

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
opensslopenssl1.0.0cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
opensslopenssl1.0.0acpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
opensslopenssl1.0.0bcpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
opensslopenssl1.0.0ccpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
opensslopenssl1.0.0dcpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
opensslopenssl1.0.0ecpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
opensslopenssl1.0.0fcpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
opensslopenssl1.0.0gcpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
opensslopenssl1.0.0hcpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::
openssl	openssl	1.0.0	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
openssl	openssl	1.0.0a	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
openssl	openssl	1.0.0b	cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
openssl	openssl	1.0.0c	cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
openssl	openssl	1.0.0d	cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
openssl	openssl	1.0.0e	cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
openssl	openssl	1.0.0f	cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
openssl	openssl	1.0.0g	cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
openssl	openssl	1.0.0h	cpe:2.3:a:openssl:openssl:1.0.0h:::::::*

Rows per page:

1-10 of 331

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10680

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html

lists.opensuse.org/opensuse-updates/2015-03/msg00062.html

marc.info/?l=bugtraq&m=142841429220765&w=2

marc.info/?l=bugtraq&m=143213830203296&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

marc.info/?l=bugtraq&m=144050297101809&w=2

rhn.redhat.com/errata/RHSA-2015-0715.html

rhn.redhat.com/errata/RHSA-2015-0716.html

rhn.redhat.com/errata/RHSA-2015-0752.html

rhn.redhat.com/errata/RHSA-2015-0800.html

support.apple.com/kb/HT204942

www.debian.org/security/2015/dsa-3197

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.mandriva.com/security/advisories?name=MDVSA-2015:063

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/73227

www.securitytracker.com/id/1031929

www.ubuntu.com/usn/USN-2537-1

access.redhat.com/articles/1384453

bto.bluecoat.com/security-advisory/sa92

bugzilla.redhat.com/show_bug.cgi?id=1202380

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b717b083073b6cacc0a5e2397b661678aff7ae7f

kc.mcafee.com/corporate/index?page=content&id=SB10110

security.gentoo.org/glsa/201503-11

support.apple.com/HT205212

support.apple.com/HT205267

support.citrix.com/article/CTX216642

www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc

www.openssl.org/news/secadv_20150319.txt

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

High

EPSS

0.022

Percentile

89.7%

JSON

CVE-2015-0287

Affected configurations

References

Related