National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2015-0287 Detail

Current Description

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: N/A
NVD score not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html
http://marc.info/?l=bugtraq&m=142841429220765&w=2
http://marc.info/?l=bugtraq&m=143213830203296&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://rhn.redhat.com/errata/RHSA-2015-0715.html
http://rhn.redhat.com/errata/RHSA-2015-0716.html
http://rhn.redhat.com/errata/RHSA-2015-0752.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://support.apple.com/kb/HT204942
http://www.debian.org/security/2015/dsa-3197
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/73227
http://www.securitytracker.com/id/1031929
http://www.ubuntu.com/usn/USN-2537-1
https://access.redhat.com/articles/1384453
https://bto.bluecoat.com/security-advisory/sa92
https://bugzilla.redhat.com/show_bug.cgi?id=1202380
https://git.openssl.org/?p=openssl.git;a=commit;h=b717b083073b6cacc0a5e2397b661678aff7ae7f
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://security.gentoo.org/glsa/201503-11
https://support.apple.com/HT205212
https://support.apple.com/HT205267
https://support.citrix.com/article/CTX216642
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc
https://www.openssl.org/news/secadv_20150319.txt Vendor Advisory

Weakness Enumeration

CWE-ID CWE Name Source
CWE-17 DEPRECATED: Code NIST  

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/a:openssl:openssl
     Show Matching CPE(s)
Up to (including)
0.9.8ze
 cpe:/a:openssl:openssl:1.0.0
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0a
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0b
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0c
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0d
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0e
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0f
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0g
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0h
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0i
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0j
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0k
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0l
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0m
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0n
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0o
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0p
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.0q
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1a
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1b
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1c
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1d
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1e
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1f
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1g
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1h
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1i
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1j
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1k
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.1l
     Show Matching CPE(s)
 cpe:/a:openssl:openssl:1.0.2
     Show Matching CPE(s)


Change History

25 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2015-0287
NVD Published Date:
03/19/2015
NVD Last Modified:
11/14/2017