Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-3194

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Related bugs and status

CVE-2015-3194 (Candidate) is related to these bugs:

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://openssl.org/new...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://git.openssl.or...
CONFIRM: https://git.openssl.or...
CONFIRM: https://kb.pulsesecure...
CONFIRM: http://www.oracle.com/...
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.oracle.com/...
BID: 91787
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 78623
SUSE: openSUSE-SU-2016:1332
CONFIRM: http://fortiguard.com/...
SUSE: openSUSE-SU-2016:0637
CONFIRM: http://www.fortiguard....
CISCO: 20151204 Multiple Vuln...
DEBIAN: DSA-3413
FEDORA: FEDORA-2015-d87d60b9a9
REDHAT: RHSA-2015:2617
SUSE: openSUSE-SU-2015:2288
SUSE: openSUSE-SU-2015:2289
SUSE: openSUSE-SU-2015:2318
UBUNTU: USN-2830-1
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://kb.juniper.net/...
CONFIRM: http://kb.juniper.net/...
HP: HPSBGN03536
SLACKWARE: SSA:2015-349-04
SECTRACK: 1034294
CONFIRM: http://www.oracle.com/...
REDHAT: RHSA-2016:2957
CONFIRM: https://cert-portal.si...