what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

CVE-2015-0292

Status Candidate

Overview

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

Related Files

HP Security Bulletin HPSBMU03397 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03397 1 - Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | 0d9bf4c34505c4e8f90c075c2409ec29
HP Security Bulletin HPSBUX03334 SSRT102000 1
Posted May 20, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03334 SSRT102000 1 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
systems | hpux
advisories | CVE-2015-0204, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 2b38a739f74c167f51559de9b66331aa
Red Hat Security Advisory 2015-0800-01
Posted Apr 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0800-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2014-8275, CVE-2015-0204, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | b96cdbfc0d7559571c323c6dacd80e5b
Red Hat Security Advisory 2015-0752-01
Posted Mar 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0752-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 2890be251345200f380dd19ad7e722ce
Debian Security Advisory 3197-2
Posted Mar 25, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3197-2 - The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied.

tags | advisory
systems | linux, debian
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292
MD5 | 797087f48952f61f2312787b2062f077
Red Hat Security Advisory 2015-0716-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0716-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 84c06482c884d666f0674209111c6d16
Red Hat Security Advisory 2015-0715-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0715-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 9c5429281270d2cf5d0d7d74e66bab1e
OpenSSL Security Advisory - 12 Security Fixes
Posted Mar 20, 2015
Site openssl.org

OpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | d5e61bc62fd70b1e4faa9d5757fe8ea0
Gentoo Linux Security Advisory 201503-11
Posted Mar 20, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-11 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | 4a2e3489d02d9cd892b08aaab0121cc9
Ubuntu Security Notice USN-2537-1
Posted Mar 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2537-1 - It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | af6954b41cf8921ca646fd8bce9c0314
Debian Security Advisory 3197-1
Posted Mar 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3197-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292
MD5 | 81d2834847d1995a892ad45b8b801880
Page 1 of 1
Back1Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    9 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close