Уязвимость CVE-2015-0289: Информация

Описание

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.

Важность: MEDIUM (5,0)

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

      End including

      0.9.8ze

      ---