Lucene search

PRIOn knowledge basePRION:CVE-2015-0288

HistoryMar 19, 2015 - 10:59 p.m.

Null pointer dereference

2015-03-1922:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

CPENameOperatorVersion
openssleq1.0.1106
openssleq1.0.110
openssleq1.0.99
openssleq1.0.105
openssleq1.0.1104
openssleq1.0.109
openssleq1.0.199
openssleq1.0.1103
openssleq1.0.104
openssleq1.0.101

Name	Operator	Version
openssl	eq	1.0.1106
openssl	eq	1.0.110
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.1104
openssl	eq	1.0.109
openssl	eq	1.0.199
openssl	eq	1.0.1103
openssl	eq	1.0.104
openssl	eq	1.0.101

Rows per page:

1-10 of 331

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10680

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-updates/2015-03/msg00062.html

rhn.redhat.com/errata/RHSA-2015-0715.html

rhn.redhat.com/errata/RHSA-2015-0716.html

rhn.redhat.com/errata/RHSA-2015-0752.html

rhn.redhat.com/errata/RHSA-2015-0800.html

support.apple.com/kb/HT204942

www.debian.org/security/2015/dsa-3197

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.mandriva.com/security/advisories?name=MDVSA-2015:063

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/73237

www.securitytracker.com/id/1031929

www.ubuntu.com/usn/USN-2537-1

access.redhat.com/articles/1384453

bto.bluecoat.com/security-advisory/sa92

bugzilla.redhat.com/show_bug.cgi?id=1202418

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9

kc.mcafee.com/corporate/index?page=content&id=SB10110

lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html

marc.info/?l=bugtraq&m=142841429220765&w=2

marc.info/?l=bugtraq&m=143213830203296&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

marc.info/?l=bugtraq&m=144050254401665&w=2

marc.info/?l=bugtraq&m=144050297101809&w=2

rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest

security.gentoo.org/glsa/201503-11

support.citrix.com/article/CTX216642

www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc

www.openssl.org/news/secadv_20150319.txt

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Null pointer dereference

References

Related