CVE-2015-0290

Опубликовано: 19 мар. 2015

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

Ссылки

http://marc.info/?l=bugtraq&m=143748090628601&w=2
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2
Mailing List
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Third Party Advisory
http://www.securityfocus.com/bid/73226
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1031929
Third Party Advisory
VDB Entry
https://bto.bluecoat.com/security-advisory/sa92
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202345
Issue Tracking
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
Third Party Advisory
https://security.gentoo.org/glsa/201503-11
Third Party Advisory
https://www.openssl.org/news/secadv_20150319.txt
Vendor Advisory
http://marc.info/?l=bugtraq&m=143748090628601&w=2
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=144050297101809&w=2
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.17612

Средний

5 Medium

CVSS2

Дефекты

CWE-17

Связанные уязвимости

CVE-2015-0290

ubuntu

почти 11 лет назад

CVE-2015-0290

redhat

почти 11 лет назад

CVE-2015-0290

debian

почти 11 лет назад

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c i ...

GHSA-hhgx-2m78-2p9v

github

больше 3 лет назад

BDU:2015-11032

fstec

почти 11 лет назад

Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 95%

0.17612

Средний

5 Medium

CVSS2

Дефекты

CWE-17