Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0286

Опубликовано: 19 мар. 2015
Источник: redhat
CVSS2: 4.3

Описание

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6openssl098eNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerAffected
Red Hat JBoss Enterprise Application Platform 5opensslNot affected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslWill not fix
Red Hat JBoss Enterprise Web Server 2opensslNot affected
Red Hat JBoss Enterprise Web Server 3opensslAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-822->CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1202366openssl: invalid pointer use in ASN1_TYPE_cmp()

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0286

ubuntu
больше 10 лет назад

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

nvd логотип

CVE-2015-0286

nvd
больше 10 лет назад

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

debian логотип

CVE-2015-0286

debian
больше 10 лет назад

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0 ...

github логотип

GHSA-77f5-q9w4-mgwj

github
около 3 лет назад

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

suse-cvrf логотип

SUSE-SU-2015:0541-1

suse-cvrf
больше 10 лет назад

Security update for openssl

4.3 Medium

CVSS2