CVE-2015-1789

HIGH

OpenSSL < 0.9.8zg, 1.0.0 < 1.0.0s, 1.0.1 < 1.0.1n, 1.0.2 < 1.0.2b - Denial of Service via ASN1_TIME Length Field

Title source: llm
STIX 2.1

Description

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

References (55)

Core 55
Core References
Vendor Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1115.html
Vendor Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1197.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201506-02
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/91787
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/75156
Third Party Advisory vendor-advisory
http://www.debian.org/security/2015/dsa-3287
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032564
Vendor Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2639-1

Scores

CVSS v3 7.5
EPSS 0.0453
EPSS Percentile 89.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (37)
openssl/openssl 1.0.0 (6 CPE variants)
openssl/openssl 1.0.0a
openssl/openssl 1.0.0b
openssl/openssl 1.0.0c
openssl/openssl 1.0.0d
openssl/openssl 1.0.0e
openssl/openssl 1.0.0f
openssl/openssl 1.0.0g
openssl/openssl 1.0.0h
openssl/openssl 1.0.0i
... and 27 more
Published Jun 12, 2015
Tracked Since Feb 18, 2026