Vulnerability CVE-2015-0206: Information

Description

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-0206

Published: Jan. 9, 2015

Modified: Oct. 20, 2017

Error type identifier: CWE-119

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
openssl10	p9	1.0.1k-alt1	1.0.2u-alt1.p9.2	ALT-PU-2015-1023-1	138366	Fixed
openssl10	c9f2	1.0.1k-alt1	1.0.2u-alt1.p9.1	ALT-PU-2015-1023-1	138366	Fixed
openssl10	c7	1.0.1k-alt1.M70C.1	1.0.1u-alt0.M70C.1	ALT-PU-2015-1030-1	138378	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.openssl.org/news/secadv_20150108.txt	Vendor Advisory
https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f
FEDORA-2015-0512
FEDORA-2015-0601
MDVSA-2015:019
DSA-3125
openSUSE-SU-2015:0130
20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
RHSA-2015:0066
HPSBHF03289
MDVSA-2015:062
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
SUSE-SU-2015:0946
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
91787
HPSBMU03397
HPSBMU03396
HPSBMU03413
HPSBMU03380
HPSBMU03409
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://bto.bluecoat.com/security-advisory/sa88
1033378
openSUSE-SU-2015:1277
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
71940
openssl-cve20150206-dos(99704)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Affected configurations:
1. Configuration 1
  cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
  cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2015-0206: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1