[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-3196

Date: (C)2015-12-15   (M)2017-11-15 


ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL





Reference:
SECTRACK-1034294
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
BID-78622
DSA-3413
FEDORA-2015-d87d60b9a9
HPSBGN03536
RHSA-2015:2617
SSA:2015-349-04
USN-2830-1
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://openssl.org/news/secadv/20151203.txt
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
openSUSE-SU-2015:2288
openSUSE-SU-2015:2289

CPE    39
cpe:/a:oracle:vm_virtualbox:5.0.13
cpe:/a:oracle:vm_virtualbox:4.3.35
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0g
...
CWE    1
CWE-362
OVAL    12
oval:org.secpod.oval:def:702871
oval:org.secpod.oval:def:602296
oval:org.secpod.oval:def:501726
oval:org.secpod.oval:def:109800
...

© 2013 SecPod Technologies