Veracode Vulnerability DatabaseVERACODE:3556Denial Of Service (DoS)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because OpenSSL does not reinitialize the CHOICE and ADB data structures, allowing attackers to cause invalid write operations and memory corruption through an application that relies on ASN.1 structure reuse.
References
kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html
lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html
lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
lists.opensuse.org/opensuse-updates/2015-03/msg00062.html
marc.info/?l=bugtraq&m=142841429220765&w=2
marc.info/?l=bugtraq&m=143213830203296&w=2
marc.info/?l=bugtraq&m=143748090628601&w=2
marc.info/?l=bugtraq&m=144050155601375&w=2
marc.info/?l=bugtraq&m=144050297101809&w=2
rhn.redhat.com/errata/RHSA-2015-0715.html
rhn.redhat.com/errata/RHSA-2015-0716.html
rhn.redhat.com/errata/RHSA-2015-0752.html
rhn.redhat.com/errata/RHSA-2015-0800.html
support.apple.com/kb/HT204942
www.debian.org/security/2015/dsa-3197
www.mandriva.com/security/advisories?name=MDVSA-2015:062
www.mandriva.com/security/advisories?name=MDVSA-2015:063
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
www.securityfocus.com/bid/73227
www.securitytracker.com/id/1031929
www.ubuntu.com/usn/USN-2537-1
access.redhat.com/articles/1384453
bto.bluecoat.com/security-advisory/sa92
bugzilla.redhat.com/show_bug.cgi?id=1202380
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
git.openssl.org/?p=openssl.git;a=commit;h=b717b083073b6cacc0a5e2397b661678aff7ae7f
kc.mcafee.com/corporate/index?page=content&id=SB10110
security.gentoo.org/glsa/201503-11
support.apple.com/HT205212
support.apple.com/HT205267
support.citrix.com/article/CTX216642
www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc
www.openssl.org/news/secadv/20150319.txt
www.openssl.org/news/secadv_20150319.txt
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P