NVD

Id
22770  
Name
CVE-2015-0289  
Description
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-03-19  
Modified Date
2017-01-02  
Seq
2015-0289  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
120798 22770 CVE-2015-0289 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680  View
120799 22770 CVE-2015-0289 APPLE-SA-2015-06-30-2  View
120800 22770 CVE-2015-0289 FEDORA-2015-4303  View
120801 22770 CVE-2015-0289 FEDORA-2015-4320  View
120802 22770 CVE-2015-0289 FEDORA-2015-4300  View
120803 22770 CVE-2015-0289 FEDORA-2015-6951  View
120804 22770 CVE-2015-0289 FEDORA-2015-6855  View
120805 22770 CVE-2015-0289 SUSE-SU-2015:0541  View
120806 22770 CVE-2015-0289 SUSE-SU-2015:0578  View
120807 22770 CVE-2015-0289 openSUSE-SU-2015:1277  View
120808 22770 CVE-2015-0289 openSUSE-SU-2016:0640  View
120809 22770 CVE-2015-0289 openSUSE-SU-2015:0554  View
120810 22770 CVE-2015-0289 HPSBGN03306  View
120811 22770 CVE-2015-0289 SSRT102000  View
120812 22770 CVE-2015-0289 HPSBMU03380  View
120813 22770 CVE-2015-0289 HPSBMU03409  View
120814 22770 CVE-2015-0289 HPSBMU03397  View
120815 22770 CVE-2015-0289 RHSA-2015:0715  View
120816 22770 CVE-2015-0289 RHSA-2015:0716  View
120817 22770 CVE-2015-0289 RHSA-2015:0752  View
120818 22770 CVE-2015-0289 RHSA-2015:0800  View
120819 22770 CVE-2015-0289 http://support.apple.com/kb/HT204942  View
120820 22770 CVE-2015-0289 DSA-3197  View
120821 22770 CVE-2015-0289 http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015  View
120822 22770 CVE-2015-0289 MDVSA-2015:062  View
120823 22770 CVE-2015-0289 MDVSA-2015:063  View
120824 22770 CVE-2015-0289 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html  View
120825 22770 CVE-2015-0289 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html  View
120826 22770 CVE-2015-0289 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html  View
120827 22770 CVE-2015-0289 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html  View
120828 22770 CVE-2015-0289 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html  View
120829 22770 CVE-2015-0289 73231  View
120830 22770 CVE-2015-0289 1031929  View
120831 22770 CVE-2015-0289 USN-2537-1  View
120832 22770 CVE-2015-0289 https://access.redhat.com/articles/1384453  View
120833 22770 CVE-2015-0289 https://bto.bluecoat.com/security-advisory/sa92  View
120834 22770 CVE-2015-0289 https://bugzilla.redhat.com/show_bug.cgi?id=1202384  View
120835 22770 CVE-2015-0289 https://git.openssl.org/?p=openssl.git;a=commit;h=c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9  View
120836 22770 CVE-2015-0289 https://kc.mcafee.com/corporate/index?page=content&id=SB10110  View
120837 22770 CVE-2015-0289 GLSA-201503-11  View
120838 22770 CVE-2015-0289 FreeBSD-SA-15:06  View
120839 22770 CVE-2015-0289 https://www.openssl.org/news/secadv_20150319.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6564 JVNDB-2015-001884 OpenSSL の PKCS#7 の実装におけるサービス運用妨害 (DoS) の脆弱性 OpenSSL の PKCS#7 の実装は、外部の ContentInfo の欠落を適切に処理しないため、サービス運用妨害 (NULL ポインタデリファレンスおよびアプリケーションクラッシュ) 状態にされる脆弱性が存在します。 CVE-2015-0289 77500 CVE-2015-0289 22770 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001884.html 2015-03-19 2016-11-09 View