CVE-2015-1787

Summary

CVE	CVE-2015-1787
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-03-19 22:59:00 UTC
Updated	2023-11-07 02:24:00 UTC
Description	The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	1.0.2	All	All	All
Application	Openssl	Openssl	1.0.2	beta1	All	All
Application	Openssl	Openssl	1.0.2	beta2	All	All
Application	Openssl	Openssl	1.0.2	beta3	All	All
Application	Openssl	Openssl	1.0.2	All	All	All
Application	Openssl	Openssl	1.0.2	beta1	All	All
Application	Openssl	Openssl	1.0.2	beta2	All	All
Application	Openssl	Openssl	1.0.2	beta3	All	All

References

Reference	Source	Link	Tags
1202406 – (CVE-2015-1787) CVE-2015-1787 openssl: segmentation fault in client authentication with empty CKE and DHE	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
Oracle Critical Patch Update - October 2015	CONFIRM	www.oracle.com	Third Party Advisory
Gentoo Security	GENTOO	security.gentoo.org	Third Party Advisory
Oracle Critical Patch Update - July 2015	CONFIRM	www.oracle.com	Third Party Advisory
'[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARC	HP	marc.info	Mailing List, Third Party Advisory
git.openssl.org Git - openssl.git/commit	CONFIRM	git.openssl.org	Vendor Advisory
www.openssl.org/news/secadv_20150319.txt	CONFIRM	www.openssl.org	Vendor Advisory
'[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multipl' - MARC	HP	marc.info	Mailing List, Third Party Advisory
git.openssl.org Git - openssl.git/commit		git.openssl.org
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	CONFIRM	cert-portal.siemens.com
OpenSSL Multiple Flaws Let Remote Users Deny Service - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
OpenSSL 'ssl/s3_srvr.c' Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
'[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Mu' - MARC	HP	marc.info	Mailing List, Third Party Advisory
Oracle Solaris Third Party Bulletin - April 2015	CONFIRM	www.oracle.com	Third Party Advisory
Broadcom Support Portal	CONFIRM	bto.bluecoat.com	Third Party Advisory
Oracle Critical Patch Update - October 2017	CONFIRM	www.oracle.com	Patch, Third Party Advisory
McAfee KnowledgeBase - Intel Security - Security Bulletin: Fourteen OpenSSL CVEs Announced on March 19, 2015	CONFIRM	kc.mcafee.com	Third Party Advisory
Oracle Critical Patch Update - January 2016	CONFIRM	www.oracle.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590349 Rockwell Automation Stratix 5900 Multiple Vulnerabilities (ICSA-17-094-04)
591280 Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)