Lucene search

PRIOn knowledge basePRION:CVE-2015-0292

HistoryMar 19, 2015 - 10:59 p.m.

Integer overflow

2015-03-1922:59:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.221 Low

EPSS

Percentile

96.3%

JSON

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

CPENameOperatorVersion
openssleq1.0.99
openssleq1.0.105
openssleq1.0.199
openssleq1.0.1103
openssleq1.0.104
openssleq1.0.101
openssleq1.0.102
openssleq1.0.100
openssleq1.0.106
openssleq1.0.197

Name	Operator	Version
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.199
openssl	eq	1.0.1103
openssl	eq	1.0.104
openssl	eq	1.0.101
openssl	eq	1.0.102
openssl	eq	1.0.100
openssl	eq	1.0.106
openssl	eq	1.0.197

Rows per page:

1-10 of 221

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10680

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

rhn.redhat.com/errata/RHSA-2015-0715.html

rhn.redhat.com/errata/RHSA-2015-0716.html

rhn.redhat.com/errata/RHSA-2015-0752.html

rhn.redhat.com/errata/RHSA-2015-0800.html

www.debian.org/security/2015/dsa-3197

www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/73228

www.securitytracker.com/id/1031929

www.ubuntu.com/usn/USN-2537-1

access.redhat.com/articles/1384453

bto.bluecoat.com/security-advisory/sa92

bugzilla.redhat.com/show_bug.cgi?id=1202395

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0666f289ac013094bbbf547bfbcd616199b7d2d

kc.mcafee.com/corporate/index?page=content&id=SB10110

lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html

marc.info/?l=bugtraq&m=143213830203296&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

marc.info/?l=bugtraq&m=144050297101809&w=2

rt.openssl.org/Ticket/Display.html?id=2608&user=guest&pass=guest

security.gentoo.org/glsa/201503-11

support.citrix.com/article/CTX216642

www.openssl.org/news/secadv_20150319.txt

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.221 Low

EPSS

Percentile

96.3%

JSON

Related for PRION:CVE-2015-0292