CVE-2015-3196
OpenSSL: Race condition handling PSK identify hint
Severity Score
Exploit Likelihood
Affected Versions
65Public Exploits
0Exploited in Wild
-Decision
Descriptions
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
ssl/s3_clnt.c en OpenSSL 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1p y 1.0.2 en versiones anteriores a 1.0.2d, cuando es utilizado por un cliente multi hilo, escribe la pista de identidad PSK en una estructura de datos incorrecta, lo que permite a servidores remotos provocar una denegación de servicio (condición de carrera y liberación doble) a través de un mensaje ServerKeyExchange manipulado.
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL.
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-10 CVE Reserved
- 2015-12-03 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (28)
| URL | Tag | Source |
|---|---|---|
| http://fortiguard.com/advisory/openssl-advisory-december-2015 | Third Party Advisory | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 | Third Party Advisory | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | Third Party Advisory | |
| http://www.fortiguard.com/advisory/openssl-advisory-december-2015 | Third Party Advisory | |
| http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/78622 | Third Party Advisory | |
| http://www.securitytracker.com/id/1034294 | Third Party Advisory | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf |
|
|
| https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea2... |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2016... | 2023-11-07 | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017... | 2023-11-07 |