CVE-2015-0291 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation CWE-310 CWE-476 — NULL Pointer Dereference22 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

33.2%

top 3.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Cisco Products Debian Openssl

Timeline

PublishedMar 19

Latest updateDec 19

Description

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl

▶NVDopenssl/openssl1.0.2

▶ciscocisco/products

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-3hjm-7xr7-8fgf: The sigalgs implementation in t1_lib↗2022-05-14

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE X-200RNA Switch Devices↗2022-12-19

▶

CISA ICS

Rockwell Automation Stratix 5900↗2017-05-10

▶

Cisco

Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products↗2015-03-20

▶

Red Hat

openssl: ClientHello sigalgs NULL pointer dereference DoS↗2015-03-19

▶

Debian

CVE-2015-0291: openssl - The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows rem...↗2015

▶

📄Research Papers

arXiv

Server-side verification of client behavior in cryptographic protocols↗2016-03-13

▶

💬Community

Bugzilla

CVE-2015-0291 openssl: ClientHello sigalgs NULL pointer dereference DoS↗2015-03-16

▶