CVE-2015-0292
19.03.2015, 22:59
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 𝑥 ≤ 0.9.8z |
| openssl | openssl | 1.0.0 |
| openssl | openssl | 1.0.0a:a |
| openssl | openssl | 1.0.0b:b |
| openssl | openssl | 1.0.0c:c |
| openssl | openssl | 1.0.0d:d |
| openssl | openssl | 1.0.0e:e |
| openssl | openssl | 1.0.0f:f |
| openssl | openssl | 1.0.0g:g |
| openssl | openssl | 1.0.0h:h |
| openssl | openssl | 1.0.0i:i |
| openssl | openssl | 1.0.0j:j |
| openssl | openssl | 1.0.0k:k |
| openssl | openssl | 1.0.0l:l |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1a:a |
| openssl | openssl | 1.0.1b:b |
| openssl | openssl | 1.0.1c:c |
| openssl | openssl | 1.0.1d:d |
| openssl | openssl | 1.0.1e:e |
| openssl | openssl | 1.0.1f:f |
| openssl | openssl | 1.0.1g:g |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssl |
| ||||||||||||||||||||||||||
| openssl098 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| openssl |
| ||||
| openssl-devel |
| ||||
| openssl-libs |
| ||||
| openssl-perl |
| ||||
| openssl-static |
|
Common Weakness Enumeration
References