CVE-2015-5334 - OpenCVE

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Libressl
Opensuse	Opensuse

Configuration 1 [-]

cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

References

Link	Resource
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt	Release Notes Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Oct/75	Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-01-23T19:56:11

Updated: 2020-01-23T19:56:11

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5334

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-23T20:15:12.027

Modified: 2020-01-30T15:22:39.227

Link: CVE-2015-5334

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "LibreSSL", "vendor": "LibreSSL", "versions": [{"status": "affected", "version": "before 2.3.1"}]}], "datePublic": "2015-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-23T19:56:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2015/Oct/75"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"}, {"tags": ["x_refsource_MISC"], "url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5334", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibreSSL", "version": {"version_data": [{"version_value": "before 2.3.1"}]}}]}, "vendor_name": "LibreSSL"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"}, {"name": "http://seclists.org/fulldisclosure/2015/Oct/75", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2015/Oct/75"}, {"name": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"}, {"name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"}, {"name": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", "refsource": "MISC", "url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5334", "datePublished": "2020-01-23T19:56:11", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2020-01-23T19:56:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*", "matchCriteriaId": "263ED210-2C74-4F7F-AF91-65970FD4EE7A", "versionEndExcluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508."}, {"lang": "es", "value": "Un error por un paso en la funci\u00f3n OBJ_obj2txt en LibreSSL versiones anteriores a 2.3.1, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del programa) o posible ejecutar c\u00f3digo arbitrario por medio de un certificado X.509 dise\u00f1ado, que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Nota: esta vulnerabilidad se presenta debido a una correcci\u00f3n incorrecta para CVE-2014-3508."}], "id": "CVE-2015-5334", "lastModified": "2020-01-30T15:22:39.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-23T20:15:12.027", "references": [{"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2015/Oct/75"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}