National Vulnerability Database

CVE-2015-3194 Detail

Description

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Source: MITRE
Last Modified: 12/06/2015

Evaluator Description

CWE-476: NULL Pointer Dereference

Quick Info

CVE Dictionary Entry: CVE-2015-3194
Original release date: 12/06/2015
Last revised: 01/04/2018
Source: US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score: 7.5 High
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9

CVSS Version 3 Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 MEDIUM
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Impact Subscore: 2.9
Exploitability Subscore: 10.0

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows disruption of service

References to Advisories, Solutions, and Tools

| Hyperlink | Resource Type | Source | Name |
| --- | --- | --- | --- |
| http://fortiguard.com/advisory/openssl-advisory-december-2015 | External Source | CONFIRM | http://fortiguard.com/advisory/openssl-advisory-december-2015 |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 | External Source | CONFIRM | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | External Source | CONFIRM | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html | External Source | FEDORA | FEDORA-2015-d87d60b9a9 |
| http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html | External Source | SUSE | openSUSE-SU-2016:0637 |
| http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | External Source | SUSE | openSUSE-SU-2016:1332 |
| http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html | External Source | SUSE | openSUSE-SU-2015:2288 |
| http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html | External Source | SUSE | openSUSE-SU-2015:2289 |
| http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html | External Source | SUSE | openSUSE-SU-2015:2318 |
| http://marc.info/?l=bugtraq&m=145382583417444&w=2 | External Source | HP | HPSBGN03536 |
| http://openssl.org/news/secadv/20151203.txt | Vendor Advisory External Source | CONFIRM | http://openssl.org/news/secadv/20151203.txt |
| http://rhn.redhat.com/errata/RHSA-2015-2617.html | External Source | REDHAT | RHSA-2015:2617 |
| http://rhn.redhat.com/errata/RHSA-2016-2957.html | External Source | REDHAT | RHSA-2016:2957 |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl | External Source | CISCO | 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products |
| http://www.debian.org/security/2015/dsa-3413 | External Source | DEBIAN | DSA-3413 |
| http://www.fortiguard.com/advisory/openssl-advisory-december-2015 | External Source | CONFIRM | http://www.fortiguard.com/advisory/openssl-advisory-december-2015 |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | External Source | CONFIRM | http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html |
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | External Source | CONFIRM | http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | External Source | CONFIRM | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html |
| http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | External Source | CONFIRM | http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | External Source | CONFIRM | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html |
| http://www.securityfocus.com/bid/78623 | External Source | BID | 78623 |
| http://www.securityfocus.com/bid/91787 | External Source | BID | 91787 |
| http://www.securitytracker.com/id/1034294 | External Source | SECTRACK | 1034294 |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 | External Source | SLACKWARE | SSA:2015-349-04 |
| http://www.ubuntu.com/usn/USN-2830-1 | External Source | UBUNTU | USN-2830-1 |
| https://bugzilla.redhat.com/show_bug.cgi?id=1288320 | External Source | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=1288320 |
| https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e | External Source | CONFIRM | https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e |
| https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17 | External Source | CONFIRM | https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17 |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173 | External Source | CONFIRM | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173 |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 | External Source | CONFIRM | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 | External Source | CONFIRM | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 | External Source | CONFIRM | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 | External Source | CONFIRM | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 | External Source | CONFIRM | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 | External Source | CONFIRM | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 | External Source | CONFIRM | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 |

Technical Details

Vulnerability Type

Change History: 24 change records found