Veracode Vulnerability DatabaseVERACODE:11868Denial Of Service (DoS)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass malformed PKCS#7 or CMS data to the server that can cause a memory leak that can lead to the system crashing.
References
fortiguard.com/advisory/openssl-advisory-december-2015
kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
marc.info/?l=bugtraq&m=145382583417444&w=2
openssl.org/news/secadv/20151203.txt
rhn.redhat.com/errata/RHSA-2015-2616.html
rhn.redhat.com/errata/RHSA-2015-2617.html
rhn.redhat.com/errata/RHSA-2016-2056.html
rhn.redhat.com/errata/RHSA-2016-2957.html
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
www.debian.org/security/2015/dsa-3413
www.fortiguard.com/advisory/openssl-advisory-december-2015
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/78626
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1034294
www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
www.ubuntu.com/usn/USN-2830-1
access.redhat.com/security/updates/classification/#moderate
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
openssl.org/news/secadv/20151203.txt
rhn.redhat.com/errata/RHSA-2015-2616.html
support.apple.com/HT206167
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P