CVEs-PoC/2015/CVE-2015-0292.md at ef21a24366f7bbc1220842143b6857a7549ce607

mirror of https://github.com/0xMarcio/cve.git synced 2026-03-28 06:01:13 +01:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

POC

Reference

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.ubuntu.com/usn/USN-2537-1
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://kc.mcafee.com/corporate/index?page=content&id=SB10110

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Live-Hack-CVE/CVE-2015-0292
https://github.com/Samaritin/OSINT
https://github.com/chnzzh/OpenSSL-CVE-lib

1.5 KiB Raw Blame History

CVE-2015-0292

Description

POC

Reference

Github

1.5 KiB

Raw Blame History