Kaspersky ID:
KLA10479
Дата обнаружения:
19/03/2015
Обновлено:
29/05/2024

Описание

Multiple serious vulnerabilities have been found in OpenSSL. Malicious users can exploit these vulnerabilities to caused denial of service or bypass security restrictions.

Below is a complete list of vulnerabilities

  1. An unknown vulnerability can be exploited remotely via a specially designed message, certificate key or RSA PSS parameters;
  2. Integer underflow can be exploited remotely via a specially designed base64 data;
  3. Improper handling IO cases can be exploited remotely via an unknown vectors;
  4. Improper handling of ContentInfo can be exploited remotely via a specailly designed data;
  5. Improper handling of data structures and boolean-type comparisons can be exploited via an unknown vectors related to ASN.1 structure;
  6. Lack of PRNG restrictions can be exploited remotely via a specially designed private-key;
  7. Improper isolation of state information can be exploited remotely via a specially designed DTLS traffic.

Первичный источник обнаружения

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2015-0207
    warning
  • CVE-2015-0208
    warning
  • CVE-2015-0209
    high
  • CVE-2015-0288
    warning
  • CVE-2015-0287
    warning
  • CVE-2015-0290
    warning
  • CVE-2015-0289
    warning
  • CVE-2015-0292
    high
  • CVE-2015-0291
    warning
  • CVE-2015-0293
    warning
  • CVE-2015-1787
    warning
  • CVE-2015-0286
    warning
  • CVE-2015-0285
    warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.