Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0207

Опубликовано: 19 мар. 2015
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.

Отчет

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6opensslNot affected
Red Hat Enterprise Linux 6openssl098eNot affected
Red Hat Enterprise Linux 7opensslNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerNot affected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslNot affected
Red Hat JBoss Enterprise Web Server 2opensslNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-822
https://bugzilla.redhat.com/show_bug.cgi?id=1202351openssl: DTLS segmentation fault in DTLSv1_listen

EPSS

Процентиль: 95%
0.17612
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0207

ubuntu
почти 11 лет назад

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.

nvd логотип

CVE-2015-0207

nvd
почти 11 лет назад

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.

debian логотип

CVE-2015-0207

debian
почти 11 лет назад

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a d ...

github логотип

GHSA-hj9v-2jmr-qwcf

github
больше 3 лет назад

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.

fstec логотип

BDU:2015-11029

fstec
почти 11 лет назад

Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 95%
0.17612
Средний

4.3 Medium

CVSS2