Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2015-0288

Disclosure Date: March 19, 2015 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

References

Canonical

CVE-2015-0288 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288)

BID-73237 (http://www.securityfocus.com/bid/73237)

Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10110

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://rhn.redhat.com/errata/RHSA-2015-0715.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680

DSA-3197 (http://www.debian.org/security/2015/dsa-3197)

USN-2537-1 (http://www.ubuntu.com/usn/USN-2537-1)

HPSBMU03409 (http://marc.info?l=bugtraq&m=144050155601375&w=2)

FEDORA-2015-4303 (http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html)

https://bto.bluecoat.com/security-advisory/sa92

https://www.openssl.org/news/secadv_20150319.txt

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

HPSBMU03380 (http://marc.info?l=bugtraq&m=143748090628601&w=2)

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

FEDORA-2015-4300 (http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html)

https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest

APPLE-SA-2015-06-30-2 (http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html)

FEDORA-2015-6951 (http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

https://access.redhat.com/articles/1384453

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

HPSBUX03334 (http://marc.info?l=bugtraq&m=143213830203296&w=2)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:063

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://rhn.redhat.com/errata/RHSA-2015-0716.html

HPSBGN03306 (http://marc.info?l=bugtraq&m=142841429220765&w=2)

http://support.apple.com/kb/HT204942

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

HPSBMU03397 (http://marc.info?l=bugtraq&m=144050297101809&w=2)

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

https://bugzilla.redhat.com/show_bug.cgi?id=1202418

http://rhn.redhat.com/errata/RHSA-2015-0752.html

http://rhn.redhat.com/errata/RHSA-2015-0800.html

SECTRACK-1031929 (http://www.securitytracker.com/id/1031929)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

FEDORA-2015-4320 (http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html)

https://support.citrix.com/article/CTX216642

FEDORA-2015-6855 (http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html)

HPSBMU03413 (http://marc.info?l=bugtraq&m=144050254401665&w=2)

GLSA-201503-11 (https://security.gentoo.org/glsa/201503-11)

https://git.openssl.org/gitweb?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9

Miscellaneous

https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc

Rapid7

Technical Analysis