Published: 19/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL prior to 0.9.8za, 1.0.0 prior to 1.0.0m, and 1.0.1 prior to 1.0.1h allows remote malicious users to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 1.0.0c
openssl openssl 1.0.0i
openssl openssl 1.0.1c
openssl openssl 1.0.1g
openssl openssl 1.0.0h
openssl openssl 1.0.0e
openssl openssl 1.0.0f
openssl openssl 1.0.0d
openssl openssl 1.0.0j
openssl openssl 1.0.1a
openssl openssl 1.0.1d
openssl openssl 1.0.0k
openssl openssl 1.0.0
openssl openssl 1.0.1b
openssl openssl 1.0.1e
openssl openssl 1.0.1f
openssl openssl 1.0.0l
openssl openssl
openssl openssl 1.0.0a
openssl openssl 1.0.0b
openssl openssl 1.0.1
openssl openssl 1.0.0g

Several security issues were fixed in OpenSSL ...

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must ...

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash Note: this flaw is not exploitable via the TL ...

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory On March 19, 2015, the OpenSSL Project released a security advisory detailing 13 distinct vulner ...

Nessus is potentially impacted by seven vulnerabilities in OpenSSL that were recently disclosed and fixed OpenSSL contains an invalid read flaw in the ASN1_TYPE_cmp() function in crypto/asn1/a_typec that is triggered when an attempt is made to compare ASN1 boolean types This may allow a context-dependent attacker to crash an application linked ...

Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

CWE-119 https://www.openssl.org/news/secadv_20150319.txt https://rt.openssl.org/Ticket/Display.html?id=2608&user=guest&pass=guest https://bugzilla.redhat.com/show_bug.cgi?id=1202395 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html http://www.debian.org/security/2015/dsa-3197 http://www.ubuntu.com/usn/USN-2537-1 http://www.securitytracker.com/id/1031929 http://rhn.redhat.com/errata/RHSA-2015-0716.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-0752.html http://rhn.redhat.com/errata/RHSA-2015-0715.html http://rhn.redhat.com/errata/RHSA-2015-0800.html https://access.redhat.com/articles/1384453 http://www.securityfocus.com/bid/73228 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html https://bto.bluecoat.com/security-advisory/sa92 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://marc.info/?l=bugtraq&m=144050297101809&w=2 http://marc.info/?l=bugtraq&m=143213830203296&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015 https://security.gentoo.org/glsa/201503-11 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 https://kc.mcafee.com/corporate/index?page=content&id=SB10110 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://support.citrix.com/article/CTX216642 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0666f289ac013094bbbf547bfbcd616199b7d2d https://nvd.nist.gov https://usn.ubuntu.com/2537-1/https://access.redhat.com/security/cve/cve-2015-0292 https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

CVE-2015-0292

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect