CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
OpenSSL is vulnerable to denial-of-service (DoS) attacks through memory consumption and application crash. The dtls1_clear_queues function in d1_lib.c frees data without taking into account that application data can arrive between the ChangeCipherSpec message and the Finished message. As a result, the DTLS peer can buffer that application data and then crash with a segmentation fault.
fortiguard.com/advisory/openssl-vulnerabilities-june-2015
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
rhn.redhat.com/errata/RHSA-2015-1115.html
rhn.redhat.com/errata/RHSA-2016-2957.html
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
www.debian.org/security/2015/dsa-3287
www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
www.securityfocus.com/bid/75159
www.securitytracker.com/id/1032564
www.ubuntu.com/usn/USN-2639-1
bto.bluecoat.com/security-advisory/sa98
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
kc.mcafee.com/corporate/index?page=content&id=SB10122
openssl.org/news/secadv/20150611.txt
rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest
security.gentoo.org/glsa/201506-02
www.openssl.org/news/secadv/20150611.txt
www.openssl.org/news/secadv_20150611.txt