4.3

CVE-2015-3196

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpIcewall Sso Version10.0 SwEditioncertd
HpIcewall Sso Agent Option Version10.0
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.0o
OpenSSLOpenSSL Version1.0.0p
OpenSSLOpenSSL Version1.0.0q
OpenSSLOpenSSL Version1.0.0r
OpenSSLOpenSSL Version1.0.0s
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OracleVm Virtualbox Version >= 4.3.0 <= 4.3.35
OracleVm Virtualbox Version >= 5.0.0 <= 5.0.13
FedoraprojectFedora Version22
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.81% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://fortiguard.com/advisory/openssl-advisory-december-2015
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://openssl.org/news/secadv/20151203.txt
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
Third Party Advisory
http://www.securitytracker.com/id/1034294
Third Party Advisory
VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
Third Party Advisory
http://www.ubuntu.com/usn/USN-2830-1
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
Third Party Advisory
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=145382583417444&w=2
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-2617.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3413
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
Third Party Advisory
http://www.securityfocus.com/bid/78622
Third Party Advisory
VDB Entry
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c