5

CVE-2015-0287

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8ze
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.0o
OpenSSLOpenSSL Version1.0.0p
OpenSSLOpenSSL Version1.0.0q
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.37% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
https://support.apple.com/HT205212
https://support.apple.com/HT205267
https://support.citrix.com/article/CTX216642
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://support.apple.com/kb/HT204942
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://marc.info/?l=bugtraq&m=143213830203296&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://security.gentoo.org/glsa/201503-11
https://www.openssl.org/news/secadv_20150319.txt
Vendor Advisory
http://www.securitytracker.com/id/1031929
https://bto.bluecoat.com/security-advisory/sa92
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html
http://marc.info/?l=bugtraq&m=142841429220765&w=2
http://rhn.redhat.com/errata/RHSA-2015-0715.html
http://rhn.redhat.com/errata/RHSA-2015-0716.html
http://rhn.redhat.com/errata/RHSA-2015-0752.html
http://www.debian.org/security/2015/dsa-3197
http://www.ubuntu.com/usn/USN-2537-1
https://access.redhat.com/articles/1384453
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://www.securityfocus.com/bid/73227
https://bugzilla.redhat.com/show_bug.cgi?id=1202380
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=b717b083073b6cacc0a5e2397b661678aff7ae7f