CVE-2015-0290

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

La característica multi-block en la función ssl3_write_bytes en s3_pkt.c en OpenSSL 1.0.2 anterior a 1.0.2a en las plataformas x86 de 64 bits con soporte AES NI no maneja correctamente ciertos casos de no bloqueo I/O, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de puntero y caída de aplicación) a través de vectores no especificados.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-11-18 CVE Reserved
2015-03-19 CVE Published
2024-08-06 CVE Updated
2024-10-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-17: DEPRECATED: Code

CAPEC

References (17)

URL	Tag	Source
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Third Party Advisory
http://www.securityfocus.com/bid/73226	Third Party Advisory
http://www.securitytracker.com/id/1031929	Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa92	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202345	Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=77c77f0a1b9f15b869ca3342186dfbedd1119d0e
https://kc.mcafee.com/corporate/index?page=content&id=SB10110	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	2023-11-07

URL	Date	SRC
http://marc.info/?l=bugtraq&m=143748090628601&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=144050155601375&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=144050297101809&w=2	2023-11-07
https://security.gentoo.org/glsa/201503-11	2023-11-07
https://www.openssl.org/news/secadv_20150319.txt	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta3		Affected