// For flags

CVE-2015-0288

openssl: X509_to_X509_REQ NULL pointer dereference

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

La función X509_to_X509_REQ en crypto/x509/x509_req.c en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 anterior a 1.0.1m, y 1.0.2 anterior a 1.0.2a podría permitir a atacantes causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de una clave de certificado inválida.

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.

OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-11-18 CVE Reserved
  • 2015-03-19 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-07-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (47)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://support.apple.com/kb/HT204942
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/73237 Vdb Entry
http://www.securitytracker.com/id/1031929 Vdb Entry
https://bto.bluecoat.com/security-advisory/sa92
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=28a00bcd8e318da18031b2ac8778c64147cd54f9
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest
https://support.citrix.com/article/CTX216642
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html 2023-11-07
http://marc.info/?l=bugtraq&m=142841429220765&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=143213830203296&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=143748090628601&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=144050155601375&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=144050254401665&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=144050297101809&w=2 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0715.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0716.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0752.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0800.html 2023-11-07
http://www.debian.org/security/2015/dsa-3197 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063 2023-11-07
http://www.ubuntu.com/usn/USN-2537-1 2023-11-07
https://access.redhat.com/articles/1384453 2015-04-13
https://bugzilla.redhat.com/show_bug.cgi?id=1202418 2015-04-13
https://security.gentoo.org/glsa/201503-11 2023-11-07
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc 2023-11-07
https://www.openssl.org/news/secadv_20150319.txt 2023-11-07
https://access.redhat.com/security/cve/CVE-2015-0288 2015-04-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 <= 0.9.8ze
Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8ze"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0
Search vendor "Openssl" for product "Openssl" and version "1.0.0"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0a
Search vendor "Openssl" for product "Openssl" and version "1.0.0a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0b
Search vendor "Openssl" for product "Openssl" and version "1.0.0b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0c
Search vendor "Openssl" for product "Openssl" and version "1.0.0c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0d
Search vendor "Openssl" for product "Openssl" and version "1.0.0d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0e
Search vendor "Openssl" for product "Openssl" and version "1.0.0e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0f
Search vendor "Openssl" for product "Openssl" and version "1.0.0f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0g
Search vendor "Openssl" for product "Openssl" and version "1.0.0g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0h
Search vendor "Openssl" for product "Openssl" and version "1.0.0h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0i
Search vendor "Openssl" for product "Openssl" and version "1.0.0i"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0j
Search vendor "Openssl" for product "Openssl" and version "1.0.0j"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0k
Search vendor "Openssl" for product "Openssl" and version "1.0.0k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0l
Search vendor "Openssl" for product "Openssl" and version "1.0.0l"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0m
Search vendor "Openssl" for product "Openssl" and version "1.0.0m"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0n
Search vendor "Openssl" for product "Openssl" and version "1.0.0n"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0o
Search vendor "Openssl" for product "Openssl" and version "1.0.0o"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0p
Search vendor "Openssl" for product "Openssl" and version "1.0.0p"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.0q
Search vendor "Openssl" for product "Openssl" and version "1.0.0q"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1i
Search vendor "Openssl" for product "Openssl" and version "1.0.1i"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1j
Search vendor "Openssl" for product "Openssl" and version "1.0.1j"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1k
Search vendor "Openssl" for product "Openssl" and version "1.0.1k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1l
Search vendor "Openssl" for product "Openssl" and version "1.0.1l"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
-
Affected