CVE-2015-0206 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Affected Products (NVD)

Vendor	Product	Version
openssl	openssl	1.0.0a:a
openssl	openssl	1.0.0b:b
openssl	openssl	1.0.0c:c
openssl	openssl	1.0.0d:d
openssl	openssl	1.0.0e:e
openssl	openssl	1.0.0f:f
openssl	openssl	1.0.0g:g
openssl	openssl	1.0.0h:h
openssl	openssl	1.0.0i:i
openssl	openssl	1.0.0j:j
openssl	openssl	1.0.0k:k
openssl	openssl	1.0.0l:l
openssl	openssl	1.0.0m:m
openssl	openssl	1.0.0n:n
openssl	openssl	1.0.0o:o
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i
openssl	openssl	1.0.1j:j

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
squeeze	not-affected
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

lucid	not-affected
precise	Fixed 1.0.1-4ubuntu5.21 released
trusty	Fixed 1.0.1f-1ubuntu2.8 released
utopic	Fixed 1.0.1f-1ubuntu9.1 released

openssl098

lucid	dne
precise	not-affected
trusty	dne
utopic	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

libopenssl-devel

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

libopenssl-fips-provider

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

openssl

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

openssl

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

openssl-devel

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

openssl-libs

RHEL 7

1:1.0.1e-34.el7_0.7

fixed

openssl-perl

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

openssl-static

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

http://marc.info/?l=bugtraq&m=142721102728110&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://marc.info/?l=bugtraq&m=144050205101530&w=2

http://marc.info/?l=bugtraq&m=144050254401665&w=2

http://marc.info/?l=bugtraq&m=144050297101809&w=2

http://rhn.redhat.com/errata/RHSA-2015-0066.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

http://www.debian.org/security/2015/dsa-3125

http://www.mandriva.com/security/advisories?name=MDVSA-2015:019

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/71940

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1033378

https://bto.bluecoat.com/security-advisory/sa88

https://exchange.xforce.ibmcloud.com/vulnerabilities/99704

https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f

https://kc.mcafee.com/corporate/index?page=content&id=SB10102

https://kc.mcafee.com/corporate/index?page=content&id=SB10108

https://www.openssl.org/news/secadv_20150108.txt

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

http://marc.info/?l=bugtraq&m=142721102728110&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://marc.info/?l=bugtraq&m=144050205101530&w=2

http://marc.info/?l=bugtraq&m=144050254401665&w=2

http://marc.info/?l=bugtraq&m=144050297101809&w=2

http://rhn.redhat.com/errata/RHSA-2015-0066.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

http://www.debian.org/security/2015/dsa-3125

http://www.mandriva.com/security/advisories?name=MDVSA-2015:019

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/71940

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1033378

https://bto.bluecoat.com/security-advisory/sa88

https://exchange.xforce.ibmcloud.com/vulnerabilities/99704

https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f

https://kc.mcafee.com/corporate/index?page=content&id=SB10102

https://kc.mcafee.com/corporate/index?page=content&id=SB10108

https://www.openssl.org/news/secadv_20150108.txt