NVD
- Id
- 24029
- Name
- CVE-2015-1789
- Description
- The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
- Reject
- CVSS Version
- 2
- CVSS Score
- 4.3
- Severity
- Medium
- CVSS Base Score
- 4.3
- CVSS Impact Subscore
- 2.9
- CVSS Exploit Subscore
- 8.6
- CVSS Vector
- (AV:N/AC:M/Au:N/C:N/I:N/A:P)
- Pub Date
- 2017-01-19
- Published
- 2015-06-12
- Modified Date
- 2016-12-30
- Seq
- 2015-1789
Related NVD References
Related JVN
| Id | Name | Title | Summary | Cveinfo Name | Cveinfo Id | Nvdinfo Name | Nvdinfo Id | Cvssv2 | Cvssv3 | Jvnurl | Published Date | Last Updated Date | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7761 | JVNDB-2015-003081 | OpenSSL の crypto/x509/x509_vfy.c の X509_cmp_time 関数におけるサービス運用妨害 (DoS) の脆弱性 | OpenSSL の crypto/x509/x509_vfy.c の X509_cmp_time 関数には、サービス運用妨害 (out-of-bounds read およびアプリケーションクラッシュ) 状態にされる脆弱性が存在します。 | CVE-2015-1789 | 79014 | CVE-2015-1789 | 24029 | 4.3 | 7.5 | http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003081.html | 2015-06-11 | 2016-10-07 | View |
