CVE-2015-3194

Published: 03 December 2015

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
Upstream
Released (1.0.2e,1.0.1q)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.0.1f-1ubuntu2.16)
Patches:
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17 (1.0.1)
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e (1.0.2)
openssl098
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)