[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-3196Date: (C)2015-12-15   (M)2018-06-20


ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1034294
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
BID-78622
DSA-3413
FEDORA-2015-d87d60b9a9
HPSBGN03536
RHSA-2015:2617
RHSA-2016:2957
SSA:2015-349-04
USN-2830-1
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://openssl.org/news/secadv/20151203.txt
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
openSUSE-SU-2015:2288
openSUSE-SU-2015:2289

CPE    39
cpe:/a:openssl:openssl:1.0.0o
cpe:/a:openssl:openssl:1.0.0p
cpe:/a:openssl:openssl:1.0.0r
cpe:/a:openssl:openssl:1.0.0q
...
CWE    1
CWE-362
OVAL    12
oval:org.secpod.oval:def:1501275
oval:org.secpod.oval:def:602296
oval:org.secpod.oval:def:501726
oval:org.secpod.oval:def:109800
...

© SecPod Technologies