CVE-2015-1789

EPSS 3.91%
Published 12.06.2015 19:59:02
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Affected products Warnungen 0 Metrics 3 CWE 1 References 58

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version <= 0.9.8zf

OpenSSL ≫ OpenSSL Version1.0.0

OpenSSL ≫ OpenSSL Version1.0.0 Updatebeta1

OpenSSL ≫ OpenSSL Version1.0.0 Updatebeta2

OpenSSL ≫ OpenSSL Version1.0.0 Updatebeta3

OpenSSL ≫ OpenSSL Version1.0.0 Updatebeta4

OpenSSL ≫ OpenSSL Version1.0.0 Updatebeta5

OpenSSL ≫ OpenSSL Version1.0.0a

OpenSSL ≫ OpenSSL Version1.0.0b

OpenSSL ≫ OpenSSL Version1.0.0c

OpenSSL ≫ OpenSSL Version1.0.0d

OpenSSL ≫ OpenSSL Version1.0.0e

OpenSSL ≫ OpenSSL Version1.0.0f

OpenSSL ≫ OpenSSL Version1.0.0g

OpenSSL ≫ OpenSSL Version1.0.0h

OpenSSL ≫ OpenSSL Version1.0.0i

OpenSSL ≫ OpenSSL Version1.0.0j

OpenSSL ≫ OpenSSL Version1.0.0k

OpenSSL ≫ OpenSSL Version1.0.0l

OpenSSL ≫ OpenSSL Version1.0.0m

OpenSSL ≫ OpenSSL Version1.0.0n

OpenSSL ≫ OpenSSL Version1.0.0o

OpenSSL ≫ OpenSSL Version1.0.0p

OpenSSL ≫ OpenSSL Version1.0.0q

OpenSSL ≫ OpenSSL Version1.0.0r

OpenSSL ≫ OpenSSL Version1.0.1

OpenSSL ≫ OpenSSL Version1.0.1 Updatebeta1

OpenSSL ≫ OpenSSL Version1.0.1 Updatebeta2

OpenSSL ≫ OpenSSL Version1.0.1 Updatebeta3

OpenSSL ≫ OpenSSL Version1.0.1a

OpenSSL ≫ OpenSSL Version1.0.1b

OpenSSL ≫ OpenSSL Version1.0.1c

OpenSSL ≫ OpenSSL Version1.0.1d

OpenSSL ≫ OpenSSL Version1.0.1e

OpenSSL ≫ OpenSSL Version1.0.1f

OpenSSL ≫ OpenSSL Version1.0.1g

OpenSSL ≫ OpenSSL Version1.0.1h

OpenSSL ≫ OpenSSL Version1.0.1i

OpenSSL ≫ OpenSSL Version1.0.1j

OpenSSL ≫ OpenSSL Version1.0.1k

OpenSSL ≫ OpenSSL Version1.0.1l

OpenSSL ≫ OpenSSL Version1.0.1m

OpenSSL ≫ OpenSSL Version1.0.2

OpenSSL ≫ OpenSSL Version1.0.2 Updatebeta1

OpenSSL ≫ OpenSSL Version1.0.2a

Oracle ≫ Sparc-opl Service Processor Version <= 1121

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.91%	0.878

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

https://support.apple.com/kb/HT205031

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html