Lucene search

[email protected]CVE-2015-1789

HistoryJun 12, 2015 - 7:59 p.m.

CVE-2015-1789

2015-06-1219:59:02

CWE-119

[email protected]

web.nvd.nist.gov

133

openssl

cve-2015-1789

x509_cmp_time

denial of service

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.332 Low

EPSS

Percentile

97.1%

JSON

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8zf

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

opensslopensslMatch1.0.0e

opensslopensslMatch1.0.0f

opensslopensslMatch1.0.0g

opensslopensslMatch1.0.0h

opensslopensslMatch1.0.0i

opensslopensslMatch1.0.0j

opensslopensslMatch1.0.0k

opensslopensslMatch1.0.0l

opensslopensslMatch1.0.0m

opensslopensslMatch1.0.0n

opensslopensslMatch1.0.0o

opensslopensslMatch1.0.0p

opensslopensslMatch1.0.0q

opensslopensslMatch1.0.0r

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1beta1

opensslopensslMatch1.0.1beta2

opensslopensslMatch1.0.1beta3

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

opensslopensslMatch1.0.1i

opensslopensslMatch1.0.1j

opensslopensslMatch1.0.1k

opensslopensslMatch1.0.1l

opensslopensslMatch1.0.1m

opensslopensslMatch1.0.2

opensslopensslMatch1.0.2beta1

opensslopensslMatch1.0.2a

Node

oraclesparc-opl_service_processorRange≤1121

CPENameOperatorVersion
openssl:opensslopensslle0.9.8zf
openssl:opensslopenssleq1.0.0
openssl:opensslopenssleq1.0.0a
openssl:opensslopenssleq1.0.0b
openssl:opensslopenssleq1.0.0c
openssl:opensslopenssleq1.0.0d
openssl:opensslopenssleq1.0.0e
openssl:opensslopenssleq1.0.0f
openssl:opensslopenssleq1.0.0g
openssl:opensslopenssleq1.0.0h

CPE	Name	Operator	Version
openssl:openssl	openssl	le	0.9.8zf
openssl:openssl	openssl	eq	1.0.0
openssl:openssl	openssl	eq	1.0.0a
openssl:openssl	openssl	eq	1.0.0b
openssl:openssl	openssl	eq	1.0.0c
openssl:openssl	openssl	eq	1.0.0d
openssl:openssl	openssl	eq	1.0.0e
openssl:openssl	openssl	eq	1.0.0f
openssl:openssl	openssl	eq	1.0.0g
openssl:openssl	openssl	eq	1.0.0h

Rows per page:

1-10 of 361

References

fortiguard.com/advisory/openssl-vulnerabilities-june-2015

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

kb.juniper.net/InfoCenter/index?page=content&id=JSA10694

kb.juniper.net/InfoCenter/index?page=content&id=JSA10733

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

marc.info/?l=bugtraq&m=143654156615516&w=2

marc.info/?l=bugtraq&m=143880121627664&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

rhn.redhat.com/errata/RHSA-2015-1115.html

rhn.redhat.com/errata/RHSA-2015-1197.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

www.debian.org/security/2015/dsa-3287

www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015

www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/75156

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032564

www.ubuntu.com/usn/USN-2639-1

bto.bluecoat.com/security-advisory/sa98

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965

kc.mcafee.com/corporate/index?page=content&id=SB10122

openssl.org/news/secadv/20150611.txt

security.gentoo.org/glsa/201506-02

support.apple.com/kb/HT205031

support.citrix.com/article/CTX216642

www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11

www.openssl.org/news/secadv_20150611.txt

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.332 Low

EPSS

Percentile

97.1%

JSON

CVE-2015-1789

Affected configurations

References

Social References

Related