Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0292

Опубликовано: 19 мар. 2015
Источник: redhat
CVSS2: 5.1
EPSS Низкий

Описание

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5openssl097aWill not fix
Red Hat Enterprise Linux 6openssl098eWill not fix
Red Hat Enterprise Linux 7openssl098eWill not fix
Red Hat Enterprise Virtualization 3mingw-virt-viewerAffected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslWill not fix
Red Hat JBoss Enterprise Web Server 2opensslNot affected
Red Hat JBoss Enterprise Web Server 3opensslNot affected
Red Hat Enterprise Linux 5opensslFixedRHSA-2015:080013.04.2015
Red Hat Enterprise Linux 6opensslFixedRHSA-2015:071523.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190->CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1202395openssl: integer underflow leading to buffer overflow in base64 decoding

EPSS

Процентиль: 90%
0.06215
Низкий

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0292

ubuntu
больше 10 лет назад

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

nvd логотип

CVE-2015-0292

nvd
больше 10 лет назад

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

debian логотип

CVE-2015-0292

debian
больше 10 лет назад

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encod ...

github логотип

GHSA-3467-h7vq-fjwx

github
около 3 лет назад

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

oracle-oval логотип

ELSA-2015-3022

oracle-oval
больше 10 лет назад

ELSA-2015-3022: openssl-fips security update (MODERATE)

EPSS

Процентиль: 90%
0.06215
Низкий

5.1 Medium

CVSS2