NVD

Id
22773  
Name
CVE-2015-0292  
Description
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-03-19  
Modified Date
2017-01-02  
Seq
2015-0292  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
120871 22773 CVE-2015-0292 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680  View
120872 22773 CVE-2015-0292 FEDORA-2015-4303  View
120873 22773 CVE-2015-0292 FEDORA-2015-4320  View
120874 22773 CVE-2015-0292 FEDORA-2015-4300  View
120875 22773 CVE-2015-0292 SUSE-SU-2015:0578  View
120876 22773 CVE-2015-0292 SSRT102000  View
120877 22773 CVE-2015-0292 HPSBMU03380  View
120878 22773 CVE-2015-0292 HPSBMU03409  View
120879 22773 CVE-2015-0292 HPSBMU03397  View
120880 22773 CVE-2015-0292 RHSA-2015:0715  View
120881 22773 CVE-2015-0292 RHSA-2015:0716  View
120882 22773 CVE-2015-0292 RHSA-2015:0752  View
120883 22773 CVE-2015-0292 RHSA-2015:0800  View
120884 22773 CVE-2015-0292 DSA-3197  View
120885 22773 CVE-2015-0292 http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015  View
120886 22773 CVE-2015-0292 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html  View
120887 22773 CVE-2015-0292 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html  View
120888 22773 CVE-2015-0292 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html  View
120889 22773 CVE-2015-0292 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html  View
120890 22773 CVE-2015-0292 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html  View
120891 22773 CVE-2015-0292 73228  View
120892 22773 CVE-2015-0292 1031929  View
120893 22773 CVE-2015-0292 USN-2537-1  View
120894 22773 CVE-2015-0292 https://access.redhat.com/articles/1384453  View
120895 22773 CVE-2015-0292 https://bto.bluecoat.com/security-advisory/sa92  View
120896 22773 CVE-2015-0292 https://bugzilla.redhat.com/show_bug.cgi?id=1202395  View
120897 22773 CVE-2015-0292 https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0666f289ac013094bbbf547bfbcd616199b7d2d  View
120898 22773 CVE-2015-0292 https://kc.mcafee.com/corporate/index?page=content&id=SB10110  View
120899 22773 CVE-2015-0292 https://rt.openssl.org/Ticket/Display.html?id=2608&user=guest&pass=guest  View
120900 22773 CVE-2015-0292 GLSA-201503-11  View
120901 22773 CVE-2015-0292 https://www.openssl.org/news/secadv_20150319.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6567 JVNDB-2015-001887 OpenSSL の base64-decoding の実装の crypto/evp/encode.c における整数アンダーフローの脆弱性 OpenSSL の base64-decoding の実装の crypto/evp/encode.c 内の EVP_DecodeUpdate 関数には、整数アンダーフローの脆弱性が存在します。 CVE-2015-0292 77503 CVE-2015-0292 22773 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001887.html 2015-03-19 2016-11-09 View