CVE-2015-3216
openssl: Crash in ssleay_rand_bytes due to locking regression
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
Condición de carrera en cierto parche Red Hat patch a la implementación PRNG lock en la función ssleay_rand_bytes en OpenSSL, distribuido en openssl-1.0.1e-25.el7 en Red Hat Enterprise Linux (RHEL) 7 y otros productos, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante el establecimiento de muchas sesiones TLS en un servidor de múltiples hilos, conduciendo al uso de un valor negativo para cierto campo de longitud.
A regression was found in the ssleay_rand_bytes() function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash.
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-10 CVE Reserved
- 2015-06-15 CVE Published
- 2024-08-06 CVE Updated
- 2025-05-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/75219 | Vdb Entry | |
| http://www.securitytracker.com/id/1032587 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1225994 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.1e-25.el7 Search vendor "Openssl" for product "Openssl" and version "1.0.1e-25.el7" | - |
Affected
| ||||||