Severity: 9.8 CRITICAL (NVD)
Other scores: NVD 7.5 | OSV 7.5 | OSV 6.8
EPSS: 6.6% (top 8.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 19; Latest update Nov 7

Description

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P | Exploitability: 10.0 | Impact: 6.4

Affected Packages (9 packages)

debian: debian/openssl < openssl 1.0.1h-1 (bookworm)
NVD: dell/bsafe_crypto-c < 4.0.4
Debian: openssl/openssl < 1.0.1h-1+3
Ubuntu: openssl/openssl < 1.0.1f-1ubuntu2.11
NVD: openssl/openssl 0.9.8z+21

Vulnerability Details (4)

GHSA: GHSA-3467-h7vq-fjwx: Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode (2022-05-17)
GHSA: GHSA-45w8-hp4w-6fr6: Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4 (2022-05-13)
OSV: CVE-2015-0292: Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode (2015-03-19)
OSV: openssl vulnerabilities (2015-03-19)

Vendor Advisories (21)

Palo Alto: PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent (2024-11-07)
CISA ICS: Siemens SCALANCE X-200RNA Switch Devices (2022-12-19)
CISA ICS: Rockwell Automation Stratix 5900 (2017-05-10)
Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products (2015-03-20)
Red Hat: openssl: integer underflow leading to buffer overflow in base64 decoding (2015-03-19)

Threat Intelligence (1)

Tenable: [R6] OpenSSL '20150319' Advisory Affects Tenable Products (2015-03-29)

Research Papers (2)

arXiv: One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware (2022-12-29)
arXiv: Server-side verification of client behavior in cryptographic protocols (2016-03-13)

Community (4)

Bugzilla: CVE-2015-0209 CVE-2015-0293 CVE-2015-0287 CVE-2015-0286 CVE-2015-0289 CVE-2015-0288 mingw-openssl: various flaws [epel-7] (2015-03-19)
Bugzilla: CVE-2015-0209 CVE-2015-0293 CVE-2015-0287 CVE-2015-0286 CVE-2015-0289 CVE-2015-0288 mingw-openssl: various flaws [fedora-all] (2015-03-19)
Bugzilla: CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding (2015-03-16)
Bugzilla: CVE-2015-0292 CVE-2015-0209 CVE-2015-0287 CVE-2015-0286 CVE-2015-0289 CVE-2015-0288 openssl: various flaws [fedora-all] (2015-02-26)
CVE-2015-0292 — Dell Bsafe Crypto-c vulnerability | cvebase