CVE-2015-0290

Summary

CVE	CVE-2015-0290
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-03-19 22:59:00 UTC
Updated	2023-11-07 02:23:00 UTC
Description	The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

Risk And Classification

Problem Types: CWE-17

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	1.0.2	All	All	All
Application	Openssl	Openssl	1.0.2	beta1	All	All
Application	Openssl	Openssl	1.0.2	beta2	All	All
Application	Openssl	Openssl	1.0.2	beta3	All	All
Application	Openssl	Openssl	1.0.2	All	All	All
Application	Openssl	Openssl	1.0.2	beta1	All	All
Application	Openssl	Openssl	1.0.2	beta2	All	All
Application	Openssl	Openssl	1.0.2	beta3	All	All

References

Reference	Source	Link	Tags
git.openssl.org Git - openssl.git/commit		git.openssl.org
Oracle Critical Patch Update - October 2015	CONFIRM	www.oracle.com	Third Party Advisory
Gentoo Security	GENTOO	security.gentoo.org	Third Party Advisory
Oracle Critical Patch Update - July 2015	CONFIRM	www.oracle.com	Third Party Advisory
'[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARC	HP	marc.info	Mailing List, Third Party Advisory
www.openssl.org/news/secadv_20150319.txt	CONFIRM	www.openssl.org	Vendor Advisory
'[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multipl' - MARC	HP	marc.info	Mailing List, Third Party Advisory
OpenSSL CVE-2015-0290 Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	CONFIRM	cert-portal.siemens.com
OpenSSL Multiple Flaws Let Remote Users Deny Service - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
'[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Mu' - MARC	HP	marc.info	Mailing List, Third Party Advisory
git.openssl.org Git - openssl.git/commit	CONFIRM	git.openssl.org	Vendor Advisory
1202345 – (CVE-2015-0290) CVE-2015-0290 openssl: multiblock corrupted pointer	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
Oracle Solaris Third Party Bulletin - April 2015	CONFIRM	www.oracle.com	Third Party Advisory
Broadcom Support Portal	CONFIRM	bto.bluecoat.com	Third Party Advisory
Oracle Critical Patch Update - October 2017	CONFIRM	www.oracle.com	Patch, Third Party Advisory
McAfee KnowledgeBase - Intel Security - Security Bulletin: Fourteen OpenSSL CVEs Announced on March 19, 2015	CONFIRM	kc.mcafee.com	Third Party Advisory
Oracle Critical Patch Update - January 2016	CONFIRM	www.oracle.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590349 Rockwell Automation Stratix 5900 Multiple Vulnerabilities (ICSA-17-094-04)
591280 Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)