CVE-2015-0290
HP Security Bulletin HPSBMU03380 1
Public Exploits: 0
Exploited in Wild: -
Descriptions
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.
Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-03-19 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-17: DEPRECATED: Code
References (17)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | Third Party Advisory | |
http://www.securityfocus.com/bid/73226 | Third Party Advisory | |
http://www.securitytracker.com/id/1031929 | Third Party Advisory | |
https://bto.bluecoat.com/security-advisory/sa92 | Third Party Advisory | |
https://bugzilla.redhat.com/show_bug.cgi?id=1202345 | Issue Tracking | |
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | | |
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e | | |
https://kc.mcafee.com/corporate/index?page=content&id=SB10110 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | 2023-11-07 | |
http://marc.info/?l=bugtraq&m=143748090628601&w=2 | 2023-11-07 | |
http://marc.info/?l=bugtraq&m=144050155601375&w=2 | 2023-11-07 | |
http://marc.info/?l=bugtraq&m=144050297101809&w=2 | 2023-11-07 | |
https://security.gentoo.org/glsa/201503-11 | 2023-11-07 | |
https://www.openssl.org/news/secadv_20150319.txt | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openssl | Openssl | 1.0.2 | - | Affected |
Openssl | Openssl | 1.0.2 | beta1 | Affected |
Openssl | Openssl | 1.0.2 | beta2 | Affected |
Openssl | Openssl | 1.0.2 | beta3 | Affected |