5

CVE-2015-1794

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.16% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://openssl.org/news/secadv/20151203.txt
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
http://www.securitytracker.com/id/1034294
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
http://www.ubuntu.com/usn/USN-2830-1
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ada57746b6b80beae73111fe1291bf8dd89af91c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322