CVE-2015-0537 - Integer Underflow (Wrap or Wraparound) vulnerability in Dell Bsafe, Bsafe Crypto-C and Bsafe Ssl-C

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, dell, CWE-191, critical

Summary

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.

Common Weakness Enumeration (CWE)

CWE-191: Integer Underflow (Wrap or Wraparound)

Seebug

bulletinFamily: exploit

description:

Affected products:
RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.3
RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.8
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.1
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) all versions prior to 4.0.4
RSA BSAFE Crypto-J all versions prior to 6.2
RSA BSAFE SSL-J all versions prior to 6.2
RSA BSAFE SSL-C all versions including 2.8.9

Unaffected products:
RSA BSAFE Micro Edition Suite (MES) 4.1.3
RSA BSAFE Micro Edition Suite (MES) 4.0.8
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4
RSA BSAFE Crypto-J 6.2
RSA BSAFE SSL-J 6.2

Cause: Integer underflow in the Base64 decoding implementation

An integer underflow in the Base64 decoding implementation in RSA BSAFE MES, Crypto-C ME and SSL-C may allow remote attackers to cause memory corruption via a segmentation fault, resulting in a denial of service (similar to CVE-2015-0292).

CVSS V2 base score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Note: Affects the MES, Crypto-C ME and SSL-C versions listed above.

Recommendation:
RSA BSAFE Micro Edition Suite (MES) 4.0.8 and 4.1.3 fix CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537.
RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 4.0.4 fixes CVE-2015-0537.
RSA BSAFE Crypto-J 6.2 fixes CVE-2015-0534.
RSA BSAFE SSL-J 6.2 fixes CVE-2015-0534.
RSA recommends that all customers upgrade to the versions listed above at the earliest opportunity.

id: SSV:89264
last seen: 2017-11-19
modified: 2015-08-31
published: 2015-08-31
reporter: avengert
title: Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities