CVE-2015-0208 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation CWE-310 CWE-476 — NULL Pointer Dereference21 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

28.2%

top 3.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Cisco Products Debian Openssl

Timeline

PublishedMar 19

Latest updateDec 19

Description

The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl

▶NVDopenssl/openssl1.0.2

▶ciscocisco/products

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-53qj-xqjg-44rj: The ASN↗2022-05-14

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE X-200RNA Switch Devices↗2022-12-19

▶

Cisco

Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products↗2015-03-20

▶

Red Hat

openssl: segmentation fault for invalid PSS parameters↗2015-03-19

▶

Debian

CVE-2015-0208: openssl - The ASN.1 signature-verification implementation in the rsa_item_verify function ...↗2015

▶

Cisco

Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products↗

▶

📄Research Papers

arXiv

Server-side verification of client behavior in cryptographic protocols↗2016-03-13

▶

💬Community

Bugzilla

CVE-2015-0208 openssl: segmentation fault for invalid PSS parameters↗2015-03-16

▶