NVD

Id
22771  
Name
CVE-2015-0290  
Description
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-03-19  
Modified Date
2017-01-02  
Seq
2015-0290  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
120840 22771 CVE-2015-0290 HPSBMU03380  View
120841 22771 CVE-2015-0290 HPSBMU03409  View
120842 22771 CVE-2015-0290 HPSBMU03397  View
120843 22771 CVE-2015-0290 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html  View
120844 22771 CVE-2015-0290 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html  View
120845 22771 CVE-2015-0290 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html  View
120846 22771 CVE-2015-0290 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html  View
120847 22771 CVE-2015-0290 73226  View
120848 22771 CVE-2015-0290 1031929  View
120849 22771 CVE-2015-0290 https://bto.bluecoat.com/security-advisory/sa92  View
120850 22771 CVE-2015-0290 https://bugzilla.redhat.com/show_bug.cgi?id=1202345  View
120851 22771 CVE-2015-0290 https://git.openssl.org/?p=openssl.git;a=commit;h=77c77f0a1b9f15b869ca3342186dfbedd1119d0e  View
120852 22771 CVE-2015-0290 https://kc.mcafee.com/corporate/index?page=content&id=SB10110  View
120853 22771 CVE-2015-0290 GLSA-201503-11  View
120854 22771 CVE-2015-0290 https://www.openssl.org/news/secadv_20150319.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6565 JVNDB-2015-001885 AES-NI をサポートする 64-bit x86 プラットフォーム上で稼動する OpenSSL におけるサービス運用妨害 (DoS) の脆弱性 AES-NI をサポートする 64-bit x86 プラットフォーム上で稼動する OpenSSL の s3_pkt.c の ssl3_write_bytes 関数のマルチブロック機能は、特定のノンブロッキング I/O ケースを適切に処理しないため、サービス運用妨害 (ポインタの破損およびアプリケーションクラッシュ) 状態にされる脆弱性が存在します。 CVE-2015-0290 77501 CVE-2015-0290 22771 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001885.html 2015-03-19 2016-11-09 View