If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

Found by Emilia Käsper (OpenSSL).

Affected configurations

Vulners

Node

opensslopensslRange1.0.2–1.0.2b

opensslopensslRange1.0.1–1.0.1n

opensslopensslRange1.0.0–1.0.0s

opensslopensslRange0.9.8–0.9.8zg

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::

prion 1

ubuntucve 1

openvas 41

f5 2

nessus 42

debiancve 1

veracode 2

nvd 1

cve 1

cvelist 1

ibm 51

slackware 1

redhat 1

securityvulns 6

centos 1

osv 3

altlinux 5

ubuntu 1

debian 2

fedora 4

mageia 1

cisco 1

archlinux 1

suse 9

freebsd_advisory 1

freebsd 1

aix 1

fortinet 1

amazon 1

oraclelinux 6

arista 1

paloalto 2

gentoo 1

symantec 1

ics 1

oracle 2

prion

Race condition

2015-06-12 19:59:00

ubuntucve

CVE-2015-1791

2015-06-02 00:00:00

openvas

F5 BIG-IP - OpenSSL vulnerability CVE-2015-1791

2015-09-18 00:00:00

Cisco ASA Multiple OpenSSL Vulnerabilities (cisco-sa-20150612-openssl)

2015-11-25 00:00:00

OpenSSL Multiple Vulnerabilities (20150611 - 2) - Windows

2015-12-01 00:00:00

SOL16914 - OpenSSL vulnerability CVE-2015-1791

2015-07-07 00:00:00

K16914 : OpenSSL vulnerability CVE-2015-1791

2015-09-11 00:00:00

nessus

F5 Networks BIG-IP : OpenSSL vulnerability (K16914)

2015-09-18 00:00:00

Fedora 21 : openssl-1.0.1k-10.fc21 (2015-10108)

2015-06-25 00:00:00

OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities

2015-06-12 00:00:00

debiancve

CVE-2015-1791

2015-06-12 19:59:04

veracode

Denial Of Service (DoS)

2017-02-10 06:46:32

Denial Of Service (DoS)

2019-05-02 05:39:36

nvd

CVE-2015-1791

2015-06-12 19:59:04

cve

CVE-2015-1791

2015-06-12 19:59:04

cvelist

CVE-2015-1791

2015-06-12 00:00:00

ibm

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)

2018-07-10 08:34:12

Security Bulletin: Vulnerabilities in OpenSSL affect Rational RequisitePro (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)

2018-06-17 05:03:07

Security Bulletin: Vulnerabilities in OpenSSL affects SAN Volume Controller and Storwize Family (CVE-2015-1789 CVE-2015-1791 CVE-2015-1788 )

2023-03-29 01:48:02

slackware

[slackware-security] openssl

2015-06-11 23:01:09

redhat

(RHSA-2015:1115) Moderate: openssl security update

2015-06-15 00:00:00

securityvulns

OpenSSL multiple security vulnerabilities

2015-06-13 00:00:00

[USN-2639-1] OpenSSL vulnerabilities

2015-06-13 00:00:00

[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

2015-09-14 00:00:00

centos

openssl security update

2015-06-15 20:01:35

osv

openssl - security update

2015-06-17 00:00:00

openssl - security update

2015-06-13 00:00:00

libopenssl-1_1-devel-1.1.1l-1.2 on GA media

2024-06-15 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt2.M70P.1

2015-06-26 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt3

2015-06-15 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt3

2015-06-15 00:00:00

ubuntu

OpenSSL vulnerabilities

2015-06-11 00:00:00

debian

[SECURITY] [DLA 247-1] openssl security update

2015-06-17 21:46:50

[SECURITY] [DSA 3287-1] openssl security update

2015-06-13 14:32:55

fedora

[SECURITY] Fedora 22 Update: openssl-1.0.1k-10.fc22

2015-06-21 00:19:25

[SECURITY] Fedora 22 Update: openssl-1.0.1k-11.fc22

2015-07-13 19:18:15

[SECURITY] Fedora 21 Update: openssl-1.0.1k-10.fc21

2015-06-24 15:57:49

mageia

Updated openssl package fixes security vulnerabilities

2015-06-19 16:33:05

cisco

Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

2015-06-12 16:00:00

archlinux

openssl: multiple issues

2015-06-12 00:00:00

suse

Security update for openssl (important)

2015-06-25 18:05:48

Security update for compat-openssl098 (important)

2015-06-26 13:05:09

Security update for OpenSSL (important)

2015-07-03 14:06:19

freebsd_advisory

FreeBSD-SA-15:10.openssl

2015-06-12 00:00:00

freebsd

openssl -- multiple vulnerabilities

2015-06-11 00:00:00

aix

Multiple Security vulnerabilities in AIX OpenSSL

2015-07-15 00:20:05

fortinet

OpenSSL vulnerabilities - June 2015

2015-06-11 00:00:00

amazon

Medium: openssl

2015-06-16 11:29:00

oraclelinux

openssl security update

2015-06-15 00:00:00

openssl security update

2015-12-14 00:00:00

openssl security update

2016-09-27 00:00:00

arista

Security Advisory 0011

2015-06-17 00:00:00

paloalto

OpenSSL Vulnerabilities

2016-10-18 00:00:00

OpenSSL Vulnerabilities

2016-08-15 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2015-06-22 00:00:00

symantec

SA98 : OpenSSL Security Advisory 11-June-2015

2015-06-17 08:00:00

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2015

2015-10-20 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.394

Percentile

97.3%

JSON

Related for OPENSSL:CVE-2015-1791