5

CVE-2015-0289

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8ze
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.0o
OpenSSLOpenSSL Version1.0.0p
OpenSSLOpenSSL Version1.0.0q
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.37% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://support.apple.com/kb/HT204942
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://marc.info/?l=bugtraq&m=143213830203296&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://security.gentoo.org/glsa/201503-11
https://www.openssl.org/news/secadv_20150319.txt
Vendor Advisory
http://www.securitytracker.com/id/1031929
https://bto.bluecoat.com/security-advisory/sa92
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html
http://marc.info/?l=bugtraq&m=142841429220765&w=2
http://rhn.redhat.com/errata/RHSA-2015-0715.html
http://rhn.redhat.com/errata/RHSA-2015-0716.html
http://rhn.redhat.com/errata/RHSA-2015-0752.html
http://www.debian.org/security/2015/dsa-3197
http://www.ubuntu.com/usn/USN-2537-1
https://access.redhat.com/articles/1384453
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc
http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
http://www.securityfocus.com/bid/73231
https://bugzilla.redhat.com/show_bug.cgi?id=1202384
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9