5

CVE-2015-1790

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8zf
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.0o
OpenSSLOpenSSL Version1.0.0p
OpenSSLOpenSSL Version1.0.0q
OpenSSLOpenSSL Version1.0.0r
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2 Updatebeta1
OpenSSLOpenSSL Version1.0.2a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 22.9% 0.974
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://www.securityfocus.com/bid/91787
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
http://marc.info/?l=bugtraq&m=143880121627664&w=2
http://rhn.redhat.com/errata/RHSA-2015-1197.html
http://www.debian.org/security/2015/dsa-3287
https://bto.bluecoat.com/security-advisory/sa98
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://openssl.org/news/secadv/20150611.txt
https://security.gentoo.org/glsa/201506-02
https://www.openssl.org/news/secadv_20150611.txt
Vendor Advisory
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://rhn.redhat.com/errata/RHSA-2015-1115.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://www.securitytracker.com/id/1032564
http://www.ubuntu.com/usn/USN-2639-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
http://marc.info/?l=bugtraq&m=143654156615516&w=2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
http://www.securityfocus.com/bid/75157
https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686