Vulnerability & Exploit Database

Results for: CVE-2015-2830

Ubuntu: USN-2830-1 (CVE-2015-3196): OpenSSL vulnerabilities Vulnerability

  • Severity: 4
  • Published: December 06, 2015

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

Ubuntu: USN-2830-1 (CVE-2015-3195): OpenSSL vulnerabilities Vulnerability

  • Severity: 5
  • Published: December 06, 2015

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS...

Ubuntu: USN-2830-1 (CVE-2015-3194): OpenSSL vulnerabilities Vulnerability

  • Severity: 5
  • Published: December 06, 2015

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Ubuntu: USN-2830-1 (CVE-2015-3193): OpenSSL vulnerabilities Vulnerability

  • Severity: 5
  • Published: December 06, 2015

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of ...

Ubuntu: USN-2830-1 (CVE-2015-1794): OpenSSL vulnerabilities Vulnerability

  • Severity: 5
  • Published: December 06, 2015

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

SUSE: CVE-2015-3196: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 06, 2015

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

SUSE: CVE-2015-3195: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: December 06, 2015

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS...

SUSE: CVE-2015-3194: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: December 06, 2015

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

SUSE: CVE-2015-3193: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: December 06, 2015

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of ...

SUSE: CVE-2015-1794: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: December 06, 2015

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.