Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-5334
HistoryJan 23, 2020 - 8:15 p.m.

CVE-2015-5334

2020-01-2320:15:12
CWE-787
[email protected]
web.nvd.nist.gov
1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.47 Medium

EPSS

Percentile

97.5%

JSON

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

Affected configurations

NVD
Node
openbsdlibresslRange<2.3.1
Node
opensuseopensuseMatch13.2

Related

prion 2
cvelist 2
cve 2
securityvulns 4
f5 2
ibm 31
ubuntucve 1
nvd 1
openssl 1
veracode 1
debiancve 1
nessus 53
freebsd 2
centos 2
openvas 34
redhat 3
debian 2
oraclelinux 8
freebsd_advisory 1
huawei 1
ubuntu 1
slackware 1
aix 1
mageia 1
amazon 1
kaspersky 1
osv 1
fedora 8
altlinux 5
suse 2
lenovo 2
apple 4
prion
prion
Stack overflow
2020-01-23 20:15:00
Design/Logic Flaw
2014-08-13 23:55:00
cvelist
cvelist
CVE-2015-5334
2020-01-23 19:56:11
CVE-2014-3508
2014-08-13 23:00:00
cve
cve
CVE-2015-5334
2020-01-23 20:15:12
CVE-2014-3508
2014-08-13 23:55:07
securityvulns
securityvulns
Qualys Security Advisory - LibreSSL &#40;CVE-2015-5333 and CVE-2015-5334&#41;
2015-10-19 00:00:00
LibreSSL security vulnerabilities
2015-10-19 00:00:00
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
f5
f5
K15571 : OpenSSL vulnerability CVE-2014-3508
2014-09-05 00:00:00
SOL15571 - OpenSSL vulnerability CVE-2014-3508
2014-09-05 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)
2018-06-15 07:01:35
Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM Workload Deployer.
2018-06-15 07:02:21
Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM PureApplication System.
2018-06-15 07:03:23
ubuntucve
ubuntucve
CVE-2014-3508
2014-08-07 00:00:00
nvd
nvd
CVE-2014-3508
2014-08-13 23:55:07
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3508
2014-08-06 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 01:12:09
debiancve
debiancve
CVE-2014-3508
2014-08-13 23:55:07
nessus
nessus
FreeBSD : LibreSSL -- Memory leak and buffer overflow (e75a96df-73ca-11e5-9b45-b499baebfeaf)
2015-10-19 00:00:00
openSUSE Security Update : libressl (openSUSE-2015-681)
2015-10-28 00:00:00
Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3508_information_disclosure)
2015-01-19 00:00:00
freebsd
freebsd
LibreSSL -- Memory leak and buffer overflow
2015-10-15 00:00:00
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
centos
centos
openssl security update
2014-08-13 19:52:24
openssl security update
2014-08-13 20:10:43
openvas
openvas
Debian: Security Advisory (DLA-33-1)
2023-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1104-1)
2021-06-09 00:00:00
OpenSSL Multiple Vulnerabilities (20140806 - 1) - Windows
2021-07-19 00:00:00
redhat
redhat
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1052) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:1054) Moderate: openssl security update
2014-08-14 00:00:00
debian
debian
[DLA 33-1] openssl security update
2014-08-07 20:36:09
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
oraclelinux
oraclelinux
openssl security update
2014-08-13 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2014-10-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
osv
osv
openssl - security update
2014-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21
2015-01-02 05:06:53
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20
2014-08-09 07:36:05
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt0.M70P.1
2014-10-31 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
suse
suse
Security update for compat-openssl097g (important)
2015-03-24 00:05:09
Security update for libopenssl0_9_8 (important)
2016-03-03 14:11:44
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
apple
apple
About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support
2017-01-23 03:54:34
About the security content of macOS Mojave 10.14
2018-09-24 00:00:00
About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002
2016-03-21 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.47 Medium

EPSS

Percentile

97.5%

JSON
Related for NVD:CVE-2015-5334
prion2cvelist2cve2securityvulns4f52ibm31ubuntucve1nvd1openssl1veracode1debiancve1nessus53freebsd2centos2openvas34redhat3debian2oraclelinux8freebsd_advisory1huawei1ubuntu1slackware1aix1mageia1amazon1kaspersky1osv1fedora8altlinux5suse2lenovo2apple4