Published: 19/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a might allow malicious users to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 1.0.1j
openssl openssl 1.0.0n
openssl openssl 1.0.0c
openssl openssl 1.0.0i
openssl openssl 1.0.1h
openssl openssl 1.0.0m
openssl openssl 1.0.1c
openssl openssl 1.0.1g
openssl openssl 1.0.0h
openssl openssl 1.0.0e
openssl openssl 1.0.0f
openssl openssl 1.0.0d
openssl openssl 1.0.0j
openssl openssl 1.0.0p
openssl openssl 1.0.1a
openssl openssl 1.0.0o
openssl openssl 1.0.1d
openssl openssl 1.0.0k
openssl openssl 1.0.1k
openssl openssl 1.0.0
openssl openssl 1.0.1b
openssl openssl 1.0.1e
openssl openssl 1.0.1l
openssl openssl 1.0.1f
openssl openssl 1.0.0l
openssl openssl 1.0.2
openssl openssl 1.0.0a
openssl openssl 1.0.0q
openssl openssl 1.0.1i
openssl openssl 1.0.0b
openssl openssl 1.0.1
openssl openssl 1.0.0g
openssl openssl

Several security issues were fixed in OpenSSL ...

A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys An attacker could use this flaw to crash OpenSSL, if a specially-crafted certificate was imported (CVE-2015-0209) A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages A malicious client could send a specially crafted SS ...

A NULL pointer dereference flaw was found in OpenSSL's X509 certificate handling implementation A specially crafted X509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request ...

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory On March 19, 2015, the OpenSSL Project released a security advisory detailing 13 distinct vulner ...

Nessus is potentially impacted by seven vulnerabilities in OpenSSL that were recently disclosed and fixed OpenSSL contains an invalid read flaw in the ASN1_TYPE_cmp() function in crypto/asn1/a_typec that is triggered when an attempt is made to compare ASN1 boolean types This may allow a context-dependent attacker to crash an application linked ...

Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

A Patch Detection Tool

Robin A patch and vulnerability detection tool for paper "Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis" For more details, please refer to our paper Preparation pip install -r requirmentstxt Install IDA Pro 7x Then set the path of ida to the variable ida in running_settingpy Make sure the IDA python

A Patch Detection Tool

Robin A patch and vulnerability detection tool for paper "Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis" For more details, please refer to our paper Preparation pip install -r requirmentstxt Install IDA Pro 7x Then set the path of ida to the variable ida in running_settingpy Make sure the IDA python

An automatic API misuse checker for C programs!

IMChecker: AP{I} {M}isuse {Checker} for C Programs THU, IMChecker Group, contact us at guzx14@mailstsinghaueducn What is IMChecker? Libraries offer reusable functionality through Application Programming Interfaces (APIs) with usage constraints, such as call conditions or orders Constraint violations, ie, API misuses, commonly lead to bugs and security issues Although r

NVD-CWE-Other https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest https://www.openssl.org/news/secadv_20150319.txt https://bugzilla.redhat.com/show_bug.cgi?id=1202418 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html http://www.debian.org/security/2015/dsa-3197 https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html http://www.ubuntu.com/usn/USN-2537-1 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html http://www.securitytracker.com/id/1031929 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-0716.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:063 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 http://rhn.redhat.com/errata/RHSA-2015-0752.html http://rhn.redhat.com/errata/RHSA-2015-0715.html http://marc.info/?l=bugtraq&m=142841429220765&w=2 http://rhn.redhat.com/errata/RHSA-2015-0800.html https://access.redhat.com/articles/1384453 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html http://www.securityfocus.com/bid/73237 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html https://bto.bluecoat.com/security-advisory/sa92 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://marc.info/?l=bugtraq&m=144050297101809&w=2 http://marc.info/?l=bugtraq&m=144050254401665&w=2 http://marc.info/?l=bugtraq&m=143213830203296&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html https://security.gentoo.org/glsa/201503-11 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html https://kc.mcafee.com/corporate/index?page=content&id=SB10110 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://support.citrix.com/article/CTX216642 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=28a00bcd8e318da18031b2ac8778c64147cd54f9 https://usn.ubuntu.com/2537-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-0288 https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

CVE-2015-0288

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect