Published: 06/12/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 prior to 1.0.1q and 1.0.2 prior to 1.0.2e allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 1.0.1m
openssl openssl 1.0.2a
openssl openssl 1.0.1j
openssl openssl 1.0.1h
openssl openssl 1.0.2b
openssl openssl 1.0.1c
openssl openssl 1.0.1g
openssl openssl 1.0.1a
openssl openssl 1.0.1d
openssl openssl 1.0.2c
openssl openssl 1.0.1p
openssl openssl 1.0.1k
openssl openssl 1.0.1b
openssl openssl 1.0.1n
openssl openssl 1.0.1e
openssl openssl 1.0.1l
openssl openssl 1.0.1f
openssl openssl 1.0.1o
openssl openssl 1.0.2
openssl openssl 1.0.1i
openssl openssl 1.0.1
openssl openssl 1.0.2d
canonical ubuntu linux 12.04
canonical ubuntu linux 15.10
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
debian debian linux 8.0
debian debian linux 7.0
nodejs node.js

Debian Bug report logs - #821094 Security fixes from the April 2016 CPU Package: src:mysql-56; Maintainer for src:mysql-56 is (unknown); Reported by: "Norvald H Ryeng" <norvaldryeng@oraclecom> Date: Fri, 15 Apr 2016 12:03:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version mysql-56/562 ...

Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix three security issues are now availablefor Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability Scor ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP 2423 Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services httpd 2423 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systemsRed Hat Product Security has rated this release as ...

Several security issues were fixed in OpenSSL ...

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an A ...

A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PK ...

A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication ...

On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition This advisory will be updated as addi ...

SecurityCenter and the Tenable Appliance are potentially impacted by vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of the issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time CVE-2015-3194 - crypto/rsa/rsa_amethc in Ope ...

Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 1014  < ...

CWE-476 http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html http://www.debian.org/security/2015/dsa-3413 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html http://www.fortiguard.com/advisory/openssl-advisory-december-2015 http://fortiguard.com/advisory/openssl-advisory-december-2015 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://www.securityfocus.com/bid/78623 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 http://www.securityfocus.com/bid/91787 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 http://marc.info/?l=bugtraq&m=145382583417444&w=2 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 http://openssl.org/news/secadv/20151203.txt https://bugzilla.redhat.com/show_bug.cgi?id=1288320 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl http://rhn.redhat.com/errata/RHSA-2015-2617.html http://www.ubuntu.com/usn/USN-2830-1 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 http://www.securitytracker.com/id/1034294 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://rhn.redhat.com/errata/RHSA-2016-2957.html https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821094 https://nvd.nist.gov https://usn.ubuntu.com/2830-1/https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

CVE-2015-3194

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect