Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-1790

Published: 12/06/2015 Updated: 13/12/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL prior to 0.9.8zg, 1.0.0 prior to 1.0.0s, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

openssl openssl 1.0.1m

openssl openssl 1.0.2a

openssl openssl 1.0.1j

openssl openssl 1.0.0n

openssl openssl 1.0.1

openssl openssl 1.0.0c

openssl openssl 1.0.0i

openssl openssl 1.0.0

openssl openssl 1.0.1h

openssl openssl 1.0.0m

openssl openssl 1.0.1c

openssl openssl 1.0.1g

openssl openssl 1.0.0h

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0d

openssl openssl 1.0.0j

openssl openssl 1.0.0p

openssl openssl 1.0.1a

openssl openssl 1.0.0o

openssl openssl 1.0.1d

openssl openssl 1.0.0k

openssl openssl 1.0.2

openssl openssl 1.0.1k

openssl openssl 1.0.1b

openssl openssl 1.0.1e

openssl openssl 1.0.1l

openssl openssl 1.0.1f

openssl openssl 1.0.0l

openssl openssl 1.0.0r

openssl openssl 1.0.0a

openssl openssl 1.0.0q

openssl openssl 1.0.1i

openssl openssl 1.0.0b

openssl openssl 1.0.0g

Vendor Advisories

Ubuntu Security Notice: openssl vulnerabilities
Several security issues were fixed in OpenSSL ...
Amazon Linux AMI: ALAS-2015-550
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites) An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation This can lead to a passive man-in-the-middle attack in ...
Red Hat: CVE-2015-1790
A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash TLS/SSL clients and servers using OpenSSL were not affected by this flaw ...
Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthe ...
Tenable Security Advisories: [R7] OpenSSL '20150611' Advisory Affects Tenable Products
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time CVE-2015-1788 - OpenSSL crypto/bn/bn_gf2mc BN_GF2m ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

Recent Articles

HPE rushes out patch for more than a year of OpenSSL vulns
The Register • Richard Chirgwin • 06 Jul 2016

Logjam in patch pipeline cleared at last

HP Enterprise has popped into its Tardis, and gone back in time to patch OpenSSL bugs dating back to 2014 – including the infamous Logjam bug. The bugs are in various network products: Intelligent Management Center (iMC), the VCX unified communications products, and the Comware network operating system. The company's notice cites Common Vulnerability and Exposure (CVE) advisories CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-1793. Most o...

Read more...

References

NVD-CWE-Otherhttps://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686https://www.openssl.org/news/secadv_20150611.txthttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttps://support.apple.com/kb/HT205031http://marc.info/?l=bugtraq&m=143880121627664&w=2http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.securityfocus.com/bid/91787https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763http://marc.info/?l=bugtraq&m=143654156615516&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securityfocus.com/bid/75157https://openssl.org/news/secadv/20150611.txthttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015https://bto.bluecoat.com/security-advisory/sa98http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965https://security.gentoo.org/glsa/201506-02http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.aschttps://kc.mcafee.com/corporate/index?page=content&id=SB10122http://rhn.redhat.com/errata/RHSA-2015-1115.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlhttp://www.ubuntu.com/usn/USN-2639-1http://www.securitytracker.com/id/1032564http://www.debian.org/security/2015/dsa-3287http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslhttp://rhn.redhat.com/errata/RHSA-2015-1197.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://usn.ubuntu.com/2639-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-1790https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook