7.5

CVE-2015-3194

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
NodejsNode.Js Version >= 0.10.0 < 0.10.41
NodejsNode.Js Version >= 0.12.0 < 0.12.9
NodejsNode.Js SwEditionlts Version >= 4.0.0 < 4.2.3
NodejsNode.Js Version >= 5.0.0 < 5.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 44.02% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Patch
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Vendor Advisory
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Third Party Advisory
Mailing List
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
Third Party Advisory
http://fortiguard.com/advisory/openssl-advisory-december-2015
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://openssl.org/news/secadv/20151203.txt
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
Third Party Advisory
http://www.securitytracker.com/id/1034294
Third Party Advisory
VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
Third Party Advisory
http://www.ubuntu.com/usn/USN-2830-1
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
Third Party Advisory
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=145382583417444&w=2
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-2617.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3413
Third Party Advisory
http://www.securityfocus.com/bid/78623
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1288320
Third Party Advisory
Issue Tracking
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
Third Party Advisory