// For flags

CVE-2015-0204

openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

La función ssl3_get_key_exchange en s3_clnt.c en OpenSSL en versiones anteriores a 0.9.8zd, 1.0.0 en versiones anteriores a 1.0.0p y 1.0.1 en versiones anteriores a 1.0.1k permite a servidores SSL remotos llevar a cabo ataques de degradación de versión RSA-a-EXPORT_RSA y facilitar el descifrado de fuerza bruta ofreciendo una clave RSA efímera débil en un rol no sumiso, relacionado con el caso "FREAK" . NOTA: el alcance de esta CVE es solo código cliente basado en OpenSSL, no un problema de EXPORT_RSA asociado con servidores u otras implementaciones TLS.

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. A memory leak can occur in the dtls1_buffer_record function under certain conditions. When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-11-18 CVE Reserved
  • 2015-01-09 CVE Published
  • 2015-03-06 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-07-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-310: Cryptographic Issues
  • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CAPEC
References (74)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679 X_refsource_confirm
http://support.novell.com/security/cve/CVE-2015-0204.html X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21883640 X_refsource_confirm
http://www-304.ibm.com/support/docview.wss?uid=swg21960769 X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html X_refsource_confirm
http://www.securityfocus.com/bid/71936 Vdb Entry
http://www.securityfocus.com/bid/91787 Vdb Entry
http://www.securitytracker.com/id/1033378 Vdb Entry
https://bto.bluecoat.com/security-advisory/sa88 X_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa91 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/99707 Vdb Entry
https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0 X_refsource_confirm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241 X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10102 X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10108 X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10110 X_refsource_confirm
https://support.apple.com/HT204659 X_refsource_confirm
https://support.citrix.com/article/CTX216642 X_refsource_confirm
https://www.openssl.org/news/secadv_20150319.txt X_refsource_confirm
URL Date SRC
https://github.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script 2015-03-06
https://github.com/felmoltor/FreakVulnChecker 2024-04-24
https://github.com/scottjpack/Freak-Scanner 2022-12-20
https://github.com/niccoX/patch-openssl-CVE-2014-0291_CVE-2015-0204 2018-08-10
https://github.com/anthophilee/A2SV--SSL-VUL-Scan 2024-04-28
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html 2018-07-19
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html 2018-07-19
http://marc.info/?l=bugtraq&m=142496179803395&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=142496289803847&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=142720981827617&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=142721102728110&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=142895206924048&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=143213830203296&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=143748090628601&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=144043644216842&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=144050155601375&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=144050205101530&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=144050254401665&w=2 2018-07-19
http://marc.info/?l=bugtraq&m=144050297101809&w=2 2018-07-19
http://rhn.redhat.com/errata/RHSA-2015-0066.html 2018-07-19
http://rhn.redhat.com/errata/RHSA-2015-0800.html 2018-07-19
http://rhn.redhat.com/errata/RHSA-2015-0849.html 2018-07-19
http://rhn.redhat.com/errata/RHSA-2016-1650.html 2018-07-19
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl 2018-07-19
http://www.debian.org/security/2015/dsa-3125 2018-07-19
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019 2018-07-19
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 2018-07-19
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063 2018-07-19
https://freakattack.com 2018-07-19
https://security.gentoo.org/glsa/201503-11 2018-07-19
https://www.openssl.org/news/secadv_20150108.txt 2018-07-19
https://access.redhat.com/security/cve/CVE-2015-0204 2016-08-22
https://bugzilla.redhat.com/show_bug.cgi?id=1180184 2016-08-22
https://securityblog.redhat.com/2015/03/04/factoring-rsa-export-keys-freak-cve-2015-0204 2016-08-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 <= 0.9.8zc
Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8zc"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0a
Search vendor "Openssl" for product "Openssl" and version "1.0.0a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0b
Search vendor "Openssl" for product "Openssl" and version "1.0.0b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0c
Search vendor "Openssl" for product "Openssl" and version "1.0.0c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0d
Search vendor "Openssl" for product "Openssl" and version "1.0.0d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0e
Search vendor "Openssl" for product "Openssl" and version "1.0.0e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0f
Search vendor "Openssl" for product "Openssl" and version "1.0.0f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0g
Search vendor "Openssl" for product "Openssl" and version "1.0.0g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0h
Search vendor "Openssl" for product "Openssl" and version "1.0.0h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0i
Search vendor "Openssl" for product "Openssl" and version "1.0.0i"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0j
Search vendor "Openssl" for product "Openssl" and version "1.0.0j"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0k
Search vendor "Openssl" for product "Openssl" and version "1.0.0k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0l
Search vendor "Openssl" for product "Openssl" and version "1.0.0l"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0m
Search vendor "Openssl" for product "Openssl" and version "1.0.0m"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0n
Search vendor "Openssl" for product "Openssl" and version "1.0.0n"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0o
Search vendor "Openssl" for product "Openssl" and version "1.0.0o"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1i
Search vendor "Openssl" for product "Openssl" and version "1.0.1i"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1j
Search vendor "Openssl" for product "Openssl" and version "1.0.1j"
-
Affected