Home

CVE-2015-0289

Description

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.

Risk Information

Base Score
8.2
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score
Exploitation Probability
5.787

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in OpenSSL (x64) 0.9.8zfWindows
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.0rWindows
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.1mWindows
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.2aWindows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2Windows
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products For Cisco IOSNCM
CVE-2015-0289NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706090Security Update for Cisco IOS Amsterdam-17.2.1r

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234