CVE-2015-1790

Advisory lineage Upstream: 0 Downstream: 14

Downstream

DEBIAN-CVE-2015-1790 DLA-247-1 DSA-3287-1 MGASA-2015-0246 OPENSUSE-SU-2024:10309-1 OPENSUSE-SU-2024:11127-1

Modified

Published: 12 Jun 2015, 00:00

Last modified:06 Aug 2024, 04:54

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5 MEDIUM

v2.0 (nvd)

EPSS Score

9.62% LOW

10% probability -2.16%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Jun 2015, 00:00

Published

Vulnerability first disclosed

06 Aug 2024, 04:54

Last Modified

Vulnerability information updated

Description

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

CVSS Metrics

v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 9.62%• Percentile: 93%

Affected Systems

Unknown•OpenSSL
≤ 0.9.8zf | 1.0.0 | 1.0.0:beta1 | 1.0.0:beta2 | 1.0.0:beta3 | 1.0.0:beta4 | 1.0.0:beta5 | 1.0.0a | 1.0.0b | 1.0.0c | 1.0.0d | 1.0.0e | 1.0.0f | 1.0.0g | 1.0.0h | 1.0.0i | 1.0.0j | 1.0.0k | 1.0.0l | 1.0.0m | 1.0.0n | 1.0.0o | 1.0.0p | 1.0.0q | 1.0.0r | 1.0.1 | 1.0.1:beta1 | 1.0.1:beta2 | 1.0.1:beta3 | 1.0.1a | 1.0.1b | 1.0.1c | 1.0.1d | 1.0.1e | 1.0.1f | 1.0.1g | 1.0.1h | 1.0.1i | 1.0.1j | 1.0.1k | 1.0.1l | 1.0.1m | 1.0.2 | 1.0.2:beta1 | 1.0.2a