CVE-2015-1789

Description

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 3.389

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2015-1792, CVE-2015-1790, CVE-2015-1789, CVE-2015-1791 are fixed in OpenSSL (x64) 0.9.8zg | Windows
Vulnerabilities CVE-2015-1792, CVE-2015-1790, CVE-2015-1789, CVE-2015-1791 are fixed in OpenSSL (x64) 1.0.0s | Windows
Vulnerabilities CVE-2015-1792, CVE-2015-1790, CVE-2015-1789, CVE-2015-1788, CVE-2015-1791 are fixed in OpenSSL (x64) 1.0.1n | Windows
Vulnerabilities CVE-2015-1792, CVE-2015-1790, CVE-2015-1789, CVE-2015-1788, CVE-2015-1791 are fixed in OpenSSL (x64) 1.0.2b | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 8.5.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2 | Windows
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Update | Mac
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo Update | Mac
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products For Cisco IOS XE Software | NCM
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products For Cisco NX-OS Software | NCM
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-1789) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706149 | Security Update for Cisco NX-OS Software 4.1(3a)UCSM
PATCH-600354 | OS X Yosemite 10.10.5 Update
PATCH-600458 | OS X Yosemite 10.10.5 Combo Update
