CVE-2015-0537

20.08.2015, 10:59

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.

Wrap or Wraparound

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dell	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Vendor	Product	Version
dell	bsafe	4.0.0 ≤ 𝑥 < 4.0.8
dell	bsafe	4.1.0 ≤ 𝑥 < 4.1.3
dell	bsafe_crypto-c	𝑥 < 4.0.4
dell	bsafe_ssl-c	𝑥 ≤ 2.8.9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

http://seclists.org/bugtraq/2015/Aug/84

http://www.securityfocus.com/bid/76377

http://www.securitytracker.com/id/1033299

http://seclists.org/bugtraq/2015/Aug/84

http://www.securityfocus.com/bid/76377

http://www.securitytracker.com/id/1033299