CVE-2015-0291

Published: 19/03/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 prior to 1.0.2a allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.

Vulnerable Product

openssl openssl 1.0.2

Vendor Advisories

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation ...

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. On March 19, 2015, the OpenSSL Project released a security advisory detailing 13 distinct vulner ...

Github Repositories

Recent Fuzzing Paper

Recent Papers Related To Fuzzing. This website is only used for collecting and grouping the related papers. If any papers need to be updated, you can contribute a PR. Please check the web page wcventure.github.io/FuzzingPaper/, as the md file shown in Github is cropped. Advertisement: Our ICTT (Guangzhou) research group is accepting applications for master’s, do

https://github.com/wcventure/FuzzingPaper

Recent Papers Related To Fuzzing. Remark: This website is only used for collecting and grouping the related papers. If any papers need to be updated, you can contribute a PR. Main Repo: github.com/wcventure/FuzzingPaper. Mirrors: gitcode.net/mirrors/wcventure/FuzzingPaper. All Papers (Classification according to Publication): Survey/Review: Fuzzing: Challen

patch-openssl-CVE-2015-0291_CVE-2015-0204

Patch openssl with ansible.

Usage:
    pip install ansible
    ansible-playbook -i your_inventory_file patch-openssl-CVE-2015-0291_CVE-2015-0204

your_inventory_file just needs to contain your server list:
    192.168.0.10
    webserver1.example.com
    webserver2.example.com
    db1.example.com

Recent Articles

Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday
The Register • Chris Williams, Editor in Chief • 06 Jul 2015

Heads up for July 9 security vulnerability fix

Sysadmins and anyone else with systems running OpenSSL code: a new version of the open-source crypto library will be released this week to "fix a single security defect classified as 'high' severity." The bug, we're told, will be addressed in versions 1.0.2d and 1.0.1p of the software. The vulnerability does not affect the 1.0.0 or 0.9.8 series. OpenSSL is a widely used library that provides encrypted HTTPS connections for countless websites, as well as other secure services. "The OpenSSL projec...

OpenSSL 'high' severity flaw just a puny DoS risk
The Register • John Leyden • 19 Mar 2015

Is that all you’ve got, ClientHello? I put on my brown trousers for this?

OpenSSL patched a “high” severity flaw as part of a patch batch on Thursday that turned out to be nowhere near as scary as widely feared. Fortunately, fears the software update might address another Heartbleed have been confounded. The worst of the flaws – dubbed ClientHello (CVE-2015-0291) – is simply a DoS risk, as an advisory from the developers explains. The other “high” (the highest severity classification of flaw in the OpenSSL world) vulnerability in the batch turned up to ref...