Lucene search

PRIOn knowledge basePRION:CVE-2015-1790

HistoryJun 12, 2015 - 7:59 p.m.

Null pointer dereference

2015-06-1219:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.444 Medium

EPSS

Percentile

97.3%

JSON

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

CPENameOperatorVersion
openssleq<= 0.9.8zf
openssleq1.0.1109
openssleq1.0.297
openssleq1.0.1106
openssleq1.0.110
openssleq1.0.1 beta2
openssleq1.0.99
openssleq1.0.105
openssleq1.0.0 beta1
openssleq1.0.1104

Name	Operator	Version
openssl	eq	<= 0.9.8zf
openssl	eq	1.0.1109
openssl	eq	1.0.297
openssl	eq	1.0.1106
openssl	eq	1.0.110
openssl	eq	1.0.1 beta2
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.0 beta1
openssl	eq	1.0.1104

Rows per page:

1-10 of 451

References

fortiguard.com/advisory/openssl-vulnerabilities-june-2015

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

kb.juniper.net/InfoCenter/index?page=content&id=JSA10694

kb.juniper.net/InfoCenter/index?page=content&id=JSA10733

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

rhn.redhat.com/errata/RHSA-2015-1115.html

rhn.redhat.com/errata/RHSA-2015-1197.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

www.debian.org/security/2015/dsa-3287

www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015

www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/75157

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032564

www.ubuntu.com/usn/USN-2639-1

bto.bluecoat.com/security-advisory/sa98

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965

kc.mcafee.com/corporate/index?page=content&id=SB10122

lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html

marc.info/?l=bugtraq&m=143654156615516&w=2

marc.info/?l=bugtraq&m=143880121627664&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

openssl.org/news/secadv/20150611.txt

security.gentoo.org/glsa/201506-02

support.apple.com/kb/HT205031

www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11

www.openssl.org/news/secadv_20150611.txt

6.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.444 Medium

EPSS

Percentile

97.3%

JSON

Null pointer dereference

References

Related