CVE-2015-3216

openssl: Crash in ssleay_rand_bytes due to locking regression

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

Condición de carrera en cierto parche Red Hat patch a la implementación PRNG lock en la función ssleay_rand_bytes en OpenSSL, distribuido en openssl-1.0.1e-25.el7 en Red Hat Enterprise Linux (RHEL) 7 y otros productos, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante el establecimiento de muchas sesiones TLS en un servidor de múltiples hilos, conduciendo al uso de un valor negativo para cierto campo de longitud.

A regression was found in the ssleay_rand_bytes() function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-10 CVE Reserved
2015-06-15 CVE Published
2023-10-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (12)

URL	Tag	Source
http://www.securityfocus.com/bid/75219	Vdb Entry
http://www.securitytracker.com/id/1032587	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1225994	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html	2018-01-05
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html	2018-01-05
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html	2018-01-05
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html	2018-01-05
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1115.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2016-2957.html	2018-01-05
https://access.redhat.com/security/cve/CVE-2015-3216	2016-12-15
https://bugzilla.redhat.com/show_bug.cgi?id=1227574	2016-12-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e-25.el7 Search vendor "Openssl" for product "Openssl" and version "1.0.1e-25.el7"		-		Affected