CVE-2015-1787Improper Input Validation in Openssl

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-310CWE-476NULL Pointer Dereference26 documents8 sources
Severity
7.5HIGHNVD
NVD2.6
EPSS
25.8%
top 3.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Dell BsafeDell Bsafe Ssl-cOpenssl+2 more
Timeline
PublishedMar 19
Latest updateDec 19

Description

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages5 packages

NVDopenssl/openssl1.0.2
NVDdell/bsafe4.0.04.0.8+1
NVDdell/bsafe_ssl-c2.8.9

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-q9c2-pp3c-3qv9: The ssl3_get_client_key_exchange function in s3_srvr2022-05-14
GHSA
GHSA-8x5r-qq77-fp3r: EMC RSA BSAFE Micro Edition Suite (MES) 42022-05-13

📋Vendor Advisories

18
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices2022-12-19
CISA ICS
Rockwell Automation Stratix 59002017-05-10
Cisco
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products2015-03-20
Red Hat
openssl: segmentation fault in client authentication with empty CKE and DHE2015-03-19
Debian
CVE-2015-1787: openssl - The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1...2015

📄Research Papers

1
arXiv
Server-side verification of client behavior in cryptographic protocols2016-03-13

💬Community

3
Bugzilla
CVE-2015-7700 pngcrush: double-free in sPLT and png.c file2018-01-18
Bugzilla
CVE-2015-1333 kernel: denial of service due to memory leak in add_key()2015-07-22
Bugzilla
CVE-2015-1787 openssl: segmentation fault in client authentication with empty CKE and DHE2015-03-16
CVE-2015-1787 — Improper Input Validation in Openssl | cvebase