CVE-2015-1791

Openssl < 0.9.8zf - Race Condition

Title source: rule
STIX 2.1

Description

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

Exploits (1)

nomisec WORKING POC
by Trinadh465 · poc
https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-1791

References (50)

Core 50
Core References
Third Party Advisory vendor-advisory
http://www.debian.org/security/2015/dsa-3287
Vendor Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1115.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201506-02
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/75161
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1032479
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
Vendor Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2639-1
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/91787
Mailing List, Third Party Advisory vendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html

Scores

EPSS 0.1025
EPSS Percentile 93.2%

Details

CWE
CWE-362
Status published
Products (36)
openssl/openssl 1.0.0 (6 CPE variants)
openssl/openssl 1.0.0a
openssl/openssl 1.0.0b
openssl/openssl 1.0.0c
openssl/openssl 1.0.0d
openssl/openssl 1.0.0e
openssl/openssl 1.0.0f
openssl/openssl 1.0.0g
openssl/openssl 1.0.0h
openssl/openssl 1.0.0i
... and 26 more
Published Jun 12, 2015
Tracked Since Feb 18, 2026