CVE-2015-0287
openssl: ASN.1 structure reuse memory corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
La función ASN1_item_ex_d2i en crypto/asn1/tasn_dec.c en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 anterior a 1.0.1m, y 1.0.2 anterior a 1.0.2a no reinicializa estructuras de datos CHOICE y ADB, lo que podría permitir a atacantes causar una denegación de servicio (operación de escritura inválida y corrupción de memoria) mediante el aprovechamiento de una aplicación que depende del reuso de estructuras ASN.1.
An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-03-19 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-17: DEPRECATED: Code
- CWE-787: Out-of-bounds Write
CAPEC
References (50)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | <= 0.9.8ze Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8ze" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0n Search vendor "Openssl" for product "Openssl" and version "1.0.0n" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0o Search vendor "Openssl" for product "Openssl" and version "1.0.0o" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0p Search vendor "Openssl" for product "Openssl" and version "1.0.0p" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.0q Search vendor "Openssl" for product "Openssl" and version "1.0.0q" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1i Search vendor "Openssl" for product "Openssl" and version "1.0.1i" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1j Search vendor "Openssl" for product "Openssl" and version "1.0.1j" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1k Search vendor "Openssl" for product "Openssl" and version "1.0.1k" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1l Search vendor "Openssl" for product "Openssl" and version "1.0.1l" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | - |
Affected
|