cbcvebase.
CVE-2014-8275
published 2015-01-09

CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to…

PriorityP339medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
16.53%
96.6th percentile
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

Affected

38 ranges· showing 25
VendorProductVersion rangeFixed in
appleos_x_yosemite_v10.10.3_and_security_update_2015-004
ciscoproducts
debianopenssl< openssl 1.0.1k-1 (bookworm)openssl 1.0.1k-1 (bookworm)
dellbsafe>= 4.0.0 < 4.0.84.0.8
dellbsafe>= 4.1.0 < 4.1.34.1.3
dellbsafe_ssl-c<= 2.8.9
dellbsafe_ssl-j< 6.26.2
opensslopenssl<= 0.9.8zc
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_cisco5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.