CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 0CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.3EPSS: 56%CPEs: 45EXPL: 0CVE-2015-1788
https://notcve.org/view.php?id=CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. La función BN_GF2m_mod_inv en crypto/bn/bn_gf2m.c en OpenSSL anterior a 0.9.8s, 1.0.0 anterior a 1.0.0e, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b no maneja correctamente las estructuras ECParameters en las cuales la curva está por un campo polinomio binario malformado, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de una sesión que utiliza un algoritmo Elliptic Curve, tal y como fue demostrado mediante un ataque sobre un servidor que soporta la autenticación de clientes. • http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce&#x • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 30EXPL: 1CVE-2014-8176 – OpenSSL: Invalid free in DTLS
https://notcve.org/view.php?id=CVE-2014-8176
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data. La función dtls1_clear_queues en ssl/d1_lib.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m, y 1.0.1 anterior a 1.0.1h libera estructuras de datos sin considerar que los datos de la aplicación puedan llegar entre un mensaje ChangeCipherSpec y un mensaje Finished, lo que permite a pares remotos de DTLS causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener otro impacto no especificado a través de datos de la aplicación no esperados. An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution. • http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html http://rhn.redhat.com/errata/RHSA-2015-1115.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 29%CPEs: 46EXPL: 0CVE-2015-1789 – OpenSSL: out-of-bounds read in X509_cmp_time
https://notcve.org/view.php?id=CVE-2015-1789
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. La función X509_cmp_time en crypto/x509/x509_vfy.c en OpenSSL anterior a 0.9.8zg, 1.0.0 anterior a 1.0.0s, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un campo de longitud manipulado en datos ASN1_TIME, tal y como fue demostrado mediante un ataque sobre un servidor que soporta la autenticación de clientes con una rellamada de verificación personalizada. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash. • http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 43%CPEs: 45EXPL: 0CVE-2015-1790 – OpenSSL: PKCS7 crash with missing EnvelopedContent
https://notcve.org/view.php?id=CVE-2015-1790
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. La función PKCS7_dataDecode en crypto/pkcs7/pk7_doit.c en OpenSSL anterior a 0.9.8zg, 1.0.0 anterior a 1.0.0s, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de un blob PKCS#7 que utiliza la codificación ASN.1 y al que le faltan datos EncryptedContent internos. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. • http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html http& •