CVE-2015-3194

Published: 06/12/2015 Updated: 07/02/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 prior to 1.0.1q and 1.0.2 prior to 1.0.2e allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Vulnerable Product

openssl openssl 1.0.1

openssl openssl 1.0.1a

openssl openssl 1.0.1b

openssl openssl 1.0.1c

openssl openssl 1.0.1d

openssl openssl 1.0.1e

openssl openssl 1.0.1f

openssl openssl 1.0.1g

openssl openssl 1.0.1h

openssl openssl 1.0.1i

openssl openssl 1.0.1j

openssl openssl 1.0.1k

openssl openssl 1.0.1l

openssl openssl 1.0.1m

openssl openssl 1.0.1n

openssl openssl 1.0.1o

openssl openssl 1.0.1p

openssl openssl 1.0.2

openssl openssl 1.0.2a

openssl openssl 1.0.2b

openssl openssl 1.0.2c

openssl openssl 1.0.2d

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

canonical ubuntu linux 15.10

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scor ...
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an A ...
A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication ...
Several security issues were fixed in OpenSSL ...
About Apple security updates. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication (CVE-2015-3194). A memory leak vulnerability was found in the way OpenSSL parsed P ...
SecurityCenter and the Tenable Appliance are potentially impacted by vulnerabilities in OpenSSL that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of the issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time. CVE-2015-3194 - crypto/rsa/rsa_ameth.c in Ope ...
CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities Article Number: 000008483 Products: Email Securit ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP 2423 Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services httpd 2423 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this release as ...
On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This advisory will be updated as add ...
Security Advisory ID SYMSA1338 Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score: Legacy ID 10 Dec 2015 Open Medium CVSS v2: 50 SA1 ...
Debian Bug report logs - #821094 Security fixes from the April 2016 CPU Package: src:mysql-56; Maintainer for src:mysql-56 is (unknown); Reported by: "Norvald H Ryeng" <norvaldryeng@oraclecom> Date: Fri, 15 Apr 2016 12:03:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version mysql-56/562 ...

Mailing Lists

APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 1014 macOS Mojave 1014 addresses the following: Bluetooth Available for: iMac (215-inch, Late 2012), iMac (27-inch, Late 2012) , iMac (215-inch, Late 2013), iMac (215-inch, Mid 2014), iMac (Retina 5K, 27-inch, L ...
Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

Github Repositories

Halon MTA changelog

Halon MTA changelog 54 | 53 | 52. Halon is a fast, flexible and powerful MTA for demanding uses such as large-scale email services. New installations are deployed by downloading a disk image or virtual machine template. Existing systems can be easily updated, after having familiarised yourself with the release notes. There is an RSS feed available. 54-p1 Released on 2020-08

References

NVD-CWE-Other
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
http://marc.info/?l=bugtraq&m=145382583417444&w=2
http://openssl.org/news/secadv/20151203.txt
http://rhn.redhat.com/errata/RHSA-2015-2617.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
http://www.debian.org/security/2015/dsa-3413
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/78623
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034294
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
http://www.ubuntu.com/usn/USN-2830-1
https://bugzilla.redhat.com/show_bug.cgi?id=1288320
https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
https://access.redhat.com/errata/RHSA-2015:2617
https://nvd.nist.gov
https://usn.ubuntu.com/2830-1/
http://tools.cisco.com/security/center/viewAlert.x?alertId=42530