Description: The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
CVSS vector: AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Complexity: Low
Confidentiality: None
Integrity: None
Affected Packages: 6 packages

🔴 Vulnerability Details (3)
GHSA | GHSA-gmcw-2hjf-2h3x: The SSLv2 implementation in OpenSSL before 0 | 2022-05-14
OSV | CVE-2015-0293: The SSLv2 implementation in OpenSSL before 0 | 2015-03-19
OSV | openssl vulnerabilities | 2015-03-19

📋 Vendor Advisories (21)
CISA ICS | Siemens SCALANCE X-200RNA Switch Devices | 2022-12-19
CISA ICS | Rockwell Automation Stratix 5900 | 2017-05-10
Cisco | Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products | 2015-03-20
Red Hat | openssl: assertion failure in SSLv2 servers | 2015-03-19
BSD | FreeBSD-SA-15:06.openssl: Multiple OpenSSL vulnerabilities | 2015-03-19

🕵️ Threat Intelligence (2)
Tenable | [R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities | 2017-01-31
Tenable | [R6] OpenSSL '20150319' Advisory Affects Tenable Products | 2015-03-29

📄 Research Papers (1)
arXiv | Server-side verification of client behavior in cryptographic protocols | 2016-03-13

💬 Community (9)
HackerOne | Bleichenbacher oracle in SSLv2 (CVE-2016-0704) | 2016-06-01
HackerOne | Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) | 2016-06-01
Bugzilla | CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers | 2016-02-22
Bugzilla | CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) | 2016-02-22
Bugzilla | CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2 | 2016-02-22