CVE-2015-1794: Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenSSL

Severity: 5.0 MEDIUM (NVD)
EPSS: 9.9% (top 7.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 6; latest update Feb 29

Description

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (6 packages)

debian: debian/openssl < openssl 1.0.2e-1 (bookworm)
Debian: openssl/openssl < 1.0.2e-1 +3
Ubuntu: openssl/openssl < 1.0.1f-1ubuntu2.16
NVD: openssl/openssl, 5 versions +4

🔴 Vulnerability Details (3)

GHSA: GHSA-x29w-fcg6-7f9m: The ssl3_get_key_exchange function in ssl/s3_clnt (2022-05-17)
OSV: openssl vulnerabilities (2015-12-07)
OSV: CVE-2015-1794: The ssl3_get_key_exchange function in ssl/s3_clnt (2015-12-06)

📋 Vendor Advisories (7)

CISA ICS: Siemens SCALANCE X-200RNA Switch Devices (2022-12-19)
Palo Alto: PAN-SA-2016-0020 OpenSSL Vulnerabilities (2016-08-15)
Ubuntu: OpenSSL vulnerabilities (2015-12-07)
Red Hat: OpenSSL: Anon DH ServerKeyExchange with 0 p parameter (2015-12-04)
Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products (2015-12-04)

📄 Research Papers (1)

arXiv: CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection (2024-02-29)

💬 Community (1)

Bugzilla: CVE-2015-1794 OpenSSL: Anon DH ServerKeyExchange with 0 p parameter (2015-12-07)