CVE-2015-1791 - Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8z

CVE-2015-1791

Summary

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

References

Vulnerable Configurations

cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zd:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zd:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zf:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zf:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-12-2022 - 12:15)
Impact:
Exploitability:

CWE

CWE-362

CAPEC

Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2015:1115

rpms

openssl-0:1.0.1e-30.el6_6.11
openssl-1:1.0.1e-42.ael7b_1.8
openssl-1:1.0.1e-42.el7_1.8
openssl-debuginfo-0:1.0.1e-30.el6_6.11
openssl-debuginfo-1:1.0.1e-42.ael7b_1.8
openssl-debuginfo-1:1.0.1e-42.el7_1.8
openssl-devel-0:1.0.1e-30.el6_6.11
openssl-devel-1:1.0.1e-42.ael7b_1.8
openssl-devel-1:1.0.1e-42.el7_1.8
openssl-libs-1:1.0.1e-42.ael7b_1.8
openssl-libs-1:1.0.1e-42.el7_1.8
openssl-perl-0:1.0.1e-30.el6_6.11
openssl-perl-1:1.0.1e-42.ael7b_1.8
openssl-perl-1:1.0.1e-42.el7_1.8
openssl-static-0:1.0.1e-30.el6_6.11
openssl-static-1:1.0.1e-42.ael7b_1.8
openssl-static-1:1.0.1e-42.el7_1.8

refmap via4

apple	APPLE-SA-2015-08-13-2
bid	75161 91787
cisco	20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
confirm	http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://www-304.ibm.com/support/docview.wss?uid=swg21960041 http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015 http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html https://bto.bluecoat.com/security-advisory/sa98 https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965 https://kc.mcafee.com/corporate/index?page=content&id=SB10122 https://openssl.org/news/secadv/20150611.txt https://support.apple.com/kb/HT205031 https://support.citrix.com/article/CTX216642 https://www.openssl.org/news/secadv_20150611.txt
debian	DSA-3287
fedora	FEDORA-2015-10047 FEDORA-2015-10108
gentoo	GLSA-201506-02
hp	HPSBMU03409 HPSBUX03388 SSRT102180
netbsd	NetBSD-SA2015-008
sectrack	1032479
suse	SUSE-SU-2015:1143 SUSE-SU-2015:1150 SUSE-SU-2015:1182 SUSE-SU-2015:1184 SUSE-SU-2015:1185 openSUSE-SU-2015:1139 openSUSE-SU-2016:0640
ubuntu	USN-2639-1

Last major update

13-12-2022 - 12:15

Published

12-06-2015 - 19:59

Last modified

13-12-2022 - 12:15