Description: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
CVSS vector: AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Complexity: Low
Confidentiality: None
Integrity: None
Affected Packages: 7 packages
🔴 Vulnerability Details (3)
GHSA: GHSA-4m2r-fv3j-3fmf: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit (2022-05-13)
OSV: CVE-2015-1790: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit (2015-06-12)
OSV: openssl vulnerabilities (2015-06-11)
📋 Vendor Advisories (10)
CISA ICS: Siemens SCALANCE X-200RNA Switch Devices (2022-12-19)
Palo Alto: PAN-SA-2016-0028 OpenSSL Vulnerabilities (2016-10-18)
Palo Alto: PAN-SA-2016-0020 OpenSSL Vulnerabilities (2016-08-15)
Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products (2015-06-12)
BSD: FreeBSD-SA-15:10.openssl: Multiple OpenSSL vulnerabilities (2015-06-12)
🕵️ Threat Intelligence (2)
Tenable: [R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities (2017-01-31)
Tenable: [R7] OpenSSL '20150611' Advisory Affects Tenable Products (2015-06-30)
💬 Community (2)
Bugzilla: CVE-2015-3216 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2014-8176: OpenSSL multiple security issues [fedora-all] (2015-06-12)
Bugzilla: CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent (2015-06-05)