cbcvebase.
CVE-2015-0292
published 2015-03-19

CVE-2015-0292: Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m…

Priority: P353 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 44.50% (98.6th percentile)
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

Affected

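34 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | | |
| debian | openssl | < openssl 1.0.1h-1 (bookworm) | openssl 1.0.1h-1 (bookworm) |
| dell | bsafe | >= 4.0.0 < 4.0.8 | 4.0.8 |
| dell | bsafe | >= 4.1.0 < 4.1.3 | 4.1.3 |
| dell | bsafe_crypto-c | < 4.0.4 | 4.0.4 |
| dell | bsafe_ssl-c | <= 2.8.9 | |
| openssl | openssl | <= 0.9.8z | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |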

CVSS provenance

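| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 6.8 | MEDIUM | |
| vendor_cisco | | 5.0 | MEDIUM | |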