Tenable8791.PRMOpenSSL 0.9.8 < 0.9.8zg / 1.0.0 < 1.0.0s Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
97.9%
Versions of OpenSSL prior to 0.9.8zg, or 1.0.0 prior to 1.0.0s are unpatched for the following vulnerabilities :
-
A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)
-
A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)
-
A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner ‘EncryptedContent’. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)
-
A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)
-
A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)
-
An off-by-one overflow condition affects the BN_rand() function in ‘crypto/bn/random.c’. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.
-
An off-by-one overflow condition affects the BN_bn2hex() function in ‘crypto/bn/bn_print.c’. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.
Binary data 8791.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
threatpost.com/openssl-patches-five-flaws-adds-protection-against-logjam-attack/113282
www.openssl.org/news/secadv_20150611.txt
www.openssl.org/news/vulnerabilities.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
97.9%