CVE-2015-5291

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.

Vulnerabilidad de desbordamiento de buffer basado en memoria en PolarSSL 1.x en versiones anteriores a 1.2.17 y ARM mbed TLS (anteriormente PolarSSL) 1.3.x en versiones anteriores a 1.3.14 y 2.x en versiones anteriores a 2.1.2 permite a servidores remotos SSL provocar una denegación de servicio (caída de cliente) y posiblemente ejecutar código arbitrario a través de una extensión larga de hostname para el indicador del nombre del servidor (SNI), el cual no es manejado correctamente cuando se crea un mensaje ClientHello. NOTA: este identificador ha sido SEPARADO por ADT3 debido a los diferentes intervalos de versión afectados. Ver CVE-2015-8036 para el problema del ticket de sesión que fue introducido en 1.3.0.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-07-01 CVE Reserved
2015-11-02 CVE Published
2024-08-06 CVE Updated
2024-10-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (10)

URL	Tag	Source
https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf	Third Party Advisory
https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html	2019-06-19
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html	2019-06-19
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html	2019-06-19
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html	2019-06-19
http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html	2019-06-19
http://www.debian.org/security/2016/dsa-3468	2019-06-19
https://security.gentoo.org/glsa/201706-18	2019-06-19
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01	2019-06-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				>= 1.3.0 < 1.3.14 Search vendor "Arm" for product "Mbed Tls" and version " >= 1.3.0 < 1.3.14"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				>= 2.0.0 < 2.1.2 Search vendor "Arm" for product "Mbed Tls" and version " >= 2.0.0 < 2.1.2"		-		Affected
Polarssl Search vendor "Polarssl"		Polarssl Search vendor "Polarssl" for product "Polarssl"				>= 1.0.0 < 1.2.17 Search vendor "Polarssl" for product "Polarssl" and version " >= 1.0.0 < 1.2.17"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				21 Search vendor "Fedoraproject" for product "Fedora" and version "21"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				22 Search vendor "Fedoraproject" for product "Fedora" and version "22"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				23 Search vendor "Fedoraproject" for product "Fedora" and version "23"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.1 Search vendor "Opensuse" for product "Leap" and version "42.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2"		-		Affected