Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0290

Опубликовано: 19 мар. 2015
Источник: redhat
CVSS2: 2.6

Описание

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

Отчет

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6opensslNot affected
Red Hat Enterprise Linux 6openssl098eNot affected
Red Hat Enterprise Linux 7opensslNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerNot affected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslNot affected
Red Hat JBoss Enterprise Web Server 2opensslNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1202345openssl: multiblock corrupted pointer

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0290

ubuntu
почти 11 лет назад

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

nvd логотип

CVE-2015-0290

nvd
почти 11 лет назад

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

debian логотип

CVE-2015-0290

debian
почти 11 лет назад

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c i ...

github логотип

GHSA-hhgx-2m78-2p9v

github
больше 3 лет назад

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

fstec логотип

BDU:2015-11032

fstec
почти 11 лет назад

Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

2.6 Low

CVSS2