Lucene search

PRIOn knowledge basePRION:CVE-2015-0286

HistoryMar 19, 2015 - 10:59 p.m.

Type confusion

2015-03-1922:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.944 High

EPSS

Percentile

99.2%

JSON

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

CPENameOperatorVersion
openssleq1.0.1106
openssleq1.0.110
openssleq1.0.99
openssleq1.0.105
openssleq1.0.1104
openssleq1.0.109
openssleq1.0.199
openssleq1.0.1103
openssleq1.0.104
openssleq1.0.101

Name	Operator	Version
openssl	eq	1.0.1106
openssl	eq	1.0.110
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.1104
openssl	eq	1.0.109
openssl	eq	1.0.199
openssl	eq	1.0.1103
openssl	eq	1.0.104
openssl	eq	1.0.101

Rows per page:

1-10 of 331

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10680

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-updates/2015-03/msg00062.html

rhn.redhat.com/errata/RHSA-2015-0715.html

rhn.redhat.com/errata/RHSA-2015-0716.html

rhn.redhat.com/errata/RHSA-2015-0752.html

rhn.redhat.com/errata/RHSA-2016-2957.html

support.apple.com/kb/HT204942

www.debian.org/security/2015/dsa-3197

www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.mandriva.com/security/advisories?name=MDVSA-2015:063

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/73225

www.securitytracker.com/id/1031929

www.securitytracker.com/id/1032917

www.ubuntu.com/usn/USN-2537-1

access.redhat.com/articles/1384453

bto.bluecoat.com/security-advisory/sa92

bugzilla.redhat.com/show_bug.cgi?id=1202366

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git;a=commit;h=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1

kc.mcafee.com/corporate/index?page=content&id=SB10110

lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html

marc.info/?l=bugtraq&m=142841429220765&w=2

marc.info/?l=bugtraq&m=143213830203296&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

marc.info/?l=bugtraq&m=144050254401665&w=2

marc.info/?l=bugtraq&m=144050297101809&w=2

support.apple.com/HT205212

support.apple.com/HT205267

support.citrix.com/article/CTX216642

www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc

www.openssl.org/news/secadv_20150319.txt