Vulnerabilities > CVE-2015-5334 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

openbsd

opensuse

CWE-787

critical

nessus

NVD

Published: 2020-01-23

Updated: 2020-01-30

Summary

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

Vulnerable Configurations

Part	Description	Count
Application	Openbsd Openbsd Libressl - Openbsd Libressl 2.0.0 Openbsd Libressl 2.0.1 Openbsd Libressl 2.0.2 Openbsd Libressl 2.0.3 Openbsd Libressl 2.0.4 Openbsd Libressl 2.0.5 Openbsd Libressl 2.0.6 Openbsd Libressl 2.1.0 Openbsd Libressl 2.1.1 Openbsd Libressl 2.1.2 Openbsd Libressl 2.1.3 Openbsd Libressl 2.1.4 Openbsd Libressl 2.1.5 Openbsd Libressl 2.1.6 Openbsd Libressl 2.1.7 Openbsd Libressl 2.1.8 Openbsd Libressl 2.1.9 Openbsd Libressl 2.1.10 Openbsd Libressl 2.2.0 Openbsd Libressl 2.2.1 Openbsd Libressl 2.2.2 Openbsd Libressl 2.2.3 Openbsd Libressl 2.2.4 Openbsd Libressl 2.2.5 Openbsd Libressl 2.2.6 Openbsd Libressl 2.2.7 Openbsd Libressl 2.2.8 Openbsd Libressl 2.2.9 Openbsd Libressl 2.3.0	30
OS	Opensuse Opensuse Opensuse 13.2	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOS_10_14.NASL
description	The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	118178
published	2018-10-18
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118178
title	macOS < 10.14 Multiple Vulnerabilities

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_E75A96DF73CA11E59B45B499BAEBFEAF.NASL
description	Qualys reports : During the code review of OpenSMTPD a memory leak and buffer overflow (an off-by-one, usually stack-based) were discovered in LibreSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	86434
published	2015-10-19
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86434
title	FreeBSD : LibreSSL -- Memory leak and buffer overflow (e75a96df-73ca-11e5-9b45-b499baebfeaf)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-681.NASL
description	libressl was updated to fix two security issues. These security issues were fixed : - CVE-2015-5333: Memory leak when decoding X.509 certificates (boo#950707) - CVE-2015-5334: Buffer overflow when decoding X.509 certificates (boo#950708)
last seen	2020-06-05
modified	2015-10-28
plugin id	86622
published	2015-10-28
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86622
title	openSUSE Security Update : libressl (openSUSE-2015-681)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-604.NASL
description	This libressl update to version 2.2.7 fixes the following issues : Security issues fixed : - Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding. [boo#978492, boo#977584] - CVE-2015-3194: Certificate verify crash with missing PSS parameter (boo#957815) - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812) - CVE-2015-5333: Memory Leak (boo#950707) - CVE-2015-5334: Buffer Overflow (boo#950708)
last seen	2020-06-05
modified	2016-05-20
plugin id	91274
published	2016-05-20
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91274
title	openSUSE Security Update : libressl (openSUSE-2016-604)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_11_2.NASL
description	The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	87314
published	2015-12-10
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87314
title	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2015-008.NASL
description	The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	87321
published	2015-12-11
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87321
title	Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2016-002.NASL
description	The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-002. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - Kernel - libxml2 - OpenSSH - Python - Tcl Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	90097
published	2016-03-22
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90097
title	Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References