Back to search
CVE-2015-0289
Published: Mar 19, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2015:0715
vendor-advisory
openSUSE-SU-2015:0554
vendor-advisory
DSA-3197
vendor-advisory
USN-2537-1
vendor-advisory
HPSBMU03409
vendor-advisory
FEDORA-2015-4303
vendor-advisory
73231
vdb-entry
HPSBMU03380
vendor-advisory
FEDORA-2015-4300
vendor-advisory
APPLE-SA-2015-06-30-2
vendor-advisory
FEDORA-2015-6951
vendor-advisory
openSUSE-SU-2016:0640
vendor-advisory
openSUSE-SU-2015:1277
vendor-advisory
HPSBUX03334
vendor-advisory
MDVSA-2015:063
vendor-advisory
SUSE-SU-2015:0541
vendor-advisory
RHSA-2015:0716
vendor-advisory
HPSBGN03306
vendor-advisory
SUSE-SU-2015:0578
vendor-advisory
FreeBSD-SA-15:06
vendor-advisory
HPSBMU03397
vendor-advisory
RHSA-2015:0752
vendor-advisory
RHSA-2015:0800
vendor-advisory
1031929
vdb-entry
SSRT102000
vendor-advisory
MDVSA-2015:062
vendor-advisory
FEDORA-2015-4320
vendor-advisory
FEDORA-2015-6855
vendor-advisory
GLSA-201503-11
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now