Page 5 of 95 results (0.024 seconds)

CVSS: 5.0EPSS: 62%CPEs: 45EXPL: 0

CVE-2015-1792 – OpenSSL: CMS verify infinite loop with unknown hash function

https://notcve.org/view.php?id=CVE-2015-1792

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. La función do_free_upto en crypto/cms/cms_smime.c en OpenSSL anterior a 0.9.8zg, 1.0.0 anterior a 1.0.0s, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de vectores que provocan un valor nulo de una estructura de datos BIO, tal y como fue demostrado mediante un X.660 OID no reconocido para una función hash. A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification. • http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.8EPSS: 39%CPEs: 45EXPL: 0

CVE-2015-1791 – OpenSSL: Race condition handling NewSessionTicket

https://notcve.org/view.php?id=CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. Condición de carrera en la función ssl3_get_new_session_ticket en ssl/s3_clnt.c en OpenSSL anterior a 0.9.8zg, 1.0.0 anterior a 1.0.0s, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b, cuando utilizado para un cliente multi-hilo, permite a atacantes remotos causar una denegación de servicio (liberación doble y caída de aplicación) o posiblemente tener otro impacto no especificado mediante la provisión de un NewSessionTicket durante un intento de reutilizar un ticket que se había conseguido anteriormente. A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. • http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html http& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.0EPSS: 94%CPEs: 33EXPL: 0

CVE-2015-0286 – openssl: invalid pointer use in ASN1_TYPE_cmp()

https://notcve.org/view.php?id=CVE-2015-0286

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. La función ASN1_TYPE_cmp en crypto/asn1/a_type.c en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 anterior a 1.0.1m, y 1.0.2 anterior a 1.0.2a no realiza correctamente las comparaciones tipo boolean, lo que permite a atacantes remotos causar una denegación de servicio (operación de lectura inválida y caída de aplicación) a través de un certificado X.509 manipulado en un endpoint que utiliza la característica de verificación de certificados. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html http://lists.fedoraproject.org/pipermail/package-announce/2015-Ma • CWE-17: DEPRECATED: Code CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 1%CPEs: 33EXPL: 0

CVE-2015-0287 – openssl: ASN.1 structure reuse memory corruption

https://notcve.org/view.php?id=CVE-2015-0287

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. La función ASN1_item_ex_d2i en crypto/asn1/tasn_dec.c en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 anterior a 1.0.1m, y 1.0.2 anterior a 1.0.2a no reinicializa estructuras de datos CHOICE y ADB, lo que podría permitir a atacantes causar una denegación de servicio (operación de escritura inválida y corrupción de memoria) mediante el aprovechamiento de una aplicación que depende del reuso de estructuras ASN.1. An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html http://lists.fedoraproject.org/pipermail/package-announce/2015-Ma • CWE-17: DEPRECATED: Code CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 1%CPEs: 33EXPL: 0

CVE-2015-0288 – openssl: X509_to_X509_REQ NULL pointer dereference

https://notcve.org/view.php?id=CVE-2015-0288

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. La función X509_to_X509_REQ en crypto/x509/x509_req.c en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 anterior a 1.0.1m, y 1.0.2 anterior a 1.0.2a podría permitir a atacantes causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de una clave de certificado inválida. A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html http://lists.fedoraproject.org/pipermail/package-announce/ • CWE-476: NULL Pointer Dereference •