CVE-2015-0288

Опубликовано: 19 мар. 2015

Источник: redhat

CVSS2: 2.6

EPSS Низкий

Описание

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	openssl097a	Will not fix
Red Hat Enterprise Linux 6	openssl098e	Will not fix
Red Hat Enterprise Linux 7	openssl098e	Will not fix
Red Hat Enterprise Virtualization 3	mingw-virt-viewer	Affected
Red Hat JBoss Enterprise Application Platform 6	openssl	Not affected
Red Hat JBoss Enterprise Web Server 1	openssl	Will not fix
Red Hat JBoss Enterprise Web Server 2	openssl	Not affected
Red Hat Enterprise Linux 5	openssl	Fixed	RHSA-2015:0800	13.04.2015
Red Hat Enterprise Linux 6	openssl	Fixed	RHSA-2015:0715	23.03.2015
Red Hat Enterprise Linux 7	openssl	Fixed	RHSA-2015:0716	23.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1202418openssl: X509_to_X509_REQ NULL pointer dereference

EPSS

Процентиль: 90%

0.06047

Низкий

2.6 Low

CVSS2

Связанные уязвимости

CVE-2015-0288

ubuntu

больше 10 лет назад

CVE-2015-0288

nvd

больше 10 лет назад

CVE-2015-0288

debian

больше 10 лет назад

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL bef ...

GHSA-6m24-334v-vm3f

github

около 3 лет назад

SUSE-SU-2015:0541-1

suse-cvrf

больше 10 лет назад

Security update for openssl

EPSS

Процентиль: 90%

0.06047

Низкий

2.6 Low

CVSS2