4.3

CVE-2015-1788

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8zf
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.0o
OpenSSLOpenSSL Version1.0.0p
OpenSSLOpenSSL Version1.0.0q
OpenSSLOpenSSL Version1.0.0r
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2 Updatebeta1
OpenSSLOpenSSL Version1.0.2a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.22% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
https://support.citrix.com/article/CTX216642
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://www.securityfocus.com/bid/91787
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
http://marc.info/?l=bugtraq&m=143880121627664&w=2
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
http://www.debian.org/security/2015/dsa-3287
https://bto.bluecoat.com/security-advisory/sa98
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://openssl.org/news/secadv/20150611.txt
https://security.gentoo.org/glsa/201506-02
https://www.openssl.org/news/secadv_20150611.txt
Vendor Advisory
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://www.securitytracker.com/id/1032564
http://www.ubuntu.com/usn/USN-2639-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
http://www.securityfocus.com/bid/75158
https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044