The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

Found by Michal Zalewski (Google).

Affected configurations

Vulners

Node

opensslopensslRange1.0.2–1.0.2b

opensslopensslRange1.0.1–1.0.1n

opensslopensslRange1.0.0–1.0.0s

opensslopensslRange0.9.8–0.9.8zg

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::

cve 1

nvd 1

f5 2

debiancve 1

openvas 50

ibm 42

ubuntucve 1

cvelist 1

nessus 47

veracode 2

prion 1

suse 13

redhat 2

centos 2

slackware 1

securityvulns 2

altlinux 5

osv 2

ubuntu 1

debian 2

fedora 4

mageia 1

cisco 1

archlinux 1

oraclelinux 3

freebsd_advisory 1

freebsd 1

aix 1

fortinet 1

amazon 1

arista 1

paloalto 2

gentoo 1

symantec 1

cve

CVE-2015-1790

2015-06-12 19:59:03

nvd

CVE-2015-1790

2015-06-12 19:59:03

SOL16898 - PKCS #7 vulnerability CVE-2015-1790

2015-07-07 00:00:00

K16898 : PKCS #7 vulnerability CVE-2015-1790

2015-09-16 00:00:00

debiancve

CVE-2015-1790

2015-06-12 19:59:03

openvas

F5 BIG-IP - PKCS #7 vulnerability CVE-2015-1790

2015-09-18 00:00:00

Cisco ASA Multiple OpenSSL Vulnerabilities (cisco-sa-20150612-openssl)

2015-11-25 00:00:00

CentOS Update for openssl CESA-2015:1197 centos5

2015-07-03 00:00:00

ibm

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Automation Framework (CVE-2015-1790)

2018-06-17 05:05:14

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Insight (CVE-2015-4000, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)

2018-06-17 05:04:30

Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

2018-06-17 15:12:15

ubuntucve

CVE-2015-1790

2015-06-11 00:00:00

cvelist

CVE-2015-1790

2015-06-12 00:00:00

nessus

F5 Networks BIG-IP : PKCS #7 vulnerability (SOL16898)

2016-01-28 00:00:00

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150630) (Logjam)

2015-07-06 00:00:00

Oracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)

2015-07-01 00:00:00

veracode

Denial Of Service (DoS) Through Null Pointer Dereference

2017-02-10 07:01:24

Denial Of Service (DoS)

2019-05-02 05:39:36

prion

Null pointer dereference

2015-06-12 19:59:00

suse

Security update for OpenSSL (important)

2015-07-03 15:05:22

Security update for OpenSSL (important)

2015-07-03 20:08:44

Security update for OpenSSL (important)

2015-07-03 14:05:21

redhat

(RHSA-2015:1197) Moderate: openssl security update

2015-06-30 00:00:00

(RHSA-2015:1115) Moderate: openssl security update

2015-06-15 00:00:00

centos

openssl security update

2015-07-02 12:10:41

openssl security update

2015-06-15 20:01:35

slackware

[slackware-security] openssl

2015-06-11 23:01:09

securityvulns

OpenSSL multiple security vulnerabilities

2015-06-13 00:00:00

[USN-2639-1] OpenSSL vulnerabilities

2015-06-13 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt2.M70P.1

2015-06-26 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt3

2015-06-15 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt3

2015-06-15 00:00:00

osv

openssl - security update

2015-06-17 00:00:00

openssl - security update

2015-06-13 00:00:00

ubuntu

OpenSSL vulnerabilities

2015-06-11 00:00:00

debian

[SECURITY] [DLA 247-1] openssl security update

2015-06-17 21:46:50

[SECURITY] [DSA 3287-1] openssl security update

2015-06-13 14:32:55

fedora

[SECURITY] Fedora 22 Update: openssl-1.0.1k-10.fc22

2015-06-21 00:19:25

[SECURITY] Fedora 22 Update: openssl-1.0.1k-11.fc22

2015-07-13 19:18:15

[SECURITY] Fedora 21 Update: openssl-1.0.1k-10.fc21

2015-06-24 15:57:49

mageia

Updated openssl package fixes security vulnerabilities

2015-06-19 16:33:05

cisco

Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

2015-06-12 16:00:00

archlinux

openssl: multiple issues

2015-06-12 00:00:00

oraclelinux

openssl security update

2015-06-30 00:00:00

openssl security update

2015-06-15 00:00:00

openssl security update

2015-12-14 00:00:00

freebsd_advisory

FreeBSD-SA-15:10.openssl

2015-06-12 00:00:00

freebsd

openssl -- multiple vulnerabilities

2015-06-11 00:00:00

aix

Multiple Security vulnerabilities in AIX OpenSSL

2015-07-15 00:20:05

fortinet

OpenSSL vulnerabilities - June 2015

2015-06-11 00:00:00

amazon

Medium: openssl

2015-06-16 11:29:00

arista

Security Advisory 0011

2015-06-17 00:00:00

paloalto

OpenSSL Vulnerabilities

2016-10-18 00:00:00

OpenSSL Vulnerabilities

2016-08-15 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2015-06-22 00:00:00

symantec

SA98 : OpenSSL Security Advisory 11-June-2015

2015-06-17 08:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.7

Confidence

High

EPSS

0.433

Percentile

97.4%

JSON

Related for OPENSSL:CVE-2015-1790