CVE-2015-3194
Description
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
60.562
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-3195,CVE-2015-3194 are fixed in OpenSSL (x64) 1.0.1q | Windows |
| Vulnerabilities CVE-2015-3195,CVE-2015-3194,CVE-2015-3193,CVE-2015-1794 are fixed in OpenSSL (x64) 1.0.2e | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.21 | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.22 | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.23 | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.24 | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.25 | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.26 | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.35 | Windows |
| Multiple vulnerabilities affected in Mysql 5.6.9 | Windows |
| Multiple vulnerabilities are affected in Mysql earlier | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2 | Windows |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.6 | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.6 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.5 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.5 | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.4 | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.4 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.3 | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.3 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.2 | Mac |
| Multiple vulnerabilities are fixed in macOS Mojave 10.14.1 | Mac |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2830-1) libssl1.0.0_1.0.2d-0ubuntu1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-2830-1) libssl1.0.0_1.0.2d-0ubuntu1_amd64.deb | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.21 (For Linux) | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.22 (For Linux) | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.23 (For Linux) | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.24 (For Linux) | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.25 (For Linux) | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.26 (For Linux) | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.35 (For Linux) | Linux |
| Multiple vulnerabilities affected in Mysql 5.6.9 (For Linux) | Linux |
| Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products For Cisco IOS XE Software | NCM |
| Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products For Cisco NX-OS Software | NCM |
| NULL Pointer Dereference Vulnerability (CVE-2015-3194) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a) |
| PATCH-1706149 | Security Update for Cisco NX-OS Software 4.1(3a)UCSM |
| PATCH-602004 | macOS Mojave 10.14.6 |
| PATCH-602005 | macOS Mojave 10.14.6 Combo Update |
| PATCH-602005 | macOS Mojave 10.14.6 Combo Update |
| PATCH-602004 | macOS Mojave 10.14.6 |
| PATCH-602004 | macOS Mojave 10.14.6 |
| PATCH-602005 | macOS Mojave 10.14.6 Combo Update |
| PATCH-602004 | macOS Mojave 10.14.6 |
| PATCH-602005 | macOS Mojave 10.14.6 Combo Update |
| PATCH-602004 | macOS Mojave 10.14.6 |
| PATCH-602004 | macOS Mojave 10.14.6 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234