Vulnerability Details : CVE-2015-5291
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2015-5291
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
- cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5291
- Probability of exploitation activity in the next 30 days: 0.82%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~82%
CVSS scores for CVE-2015-5291
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2015-5291
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5291
- http://www.debian.org/security/2016/dsa-3468
  Debian -- Security Information -- DSA-3468-1 polarssl (Third Party Advisory)
- https://security.gentoo.org/glsa/201706-18
  mbed TLS: Multiple vulnerabilities (GLSA 201706-18) — Gentoo security (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
  [SECURITY] Fedora 21 Update: mbedtls-1.3.14-1.fc21 (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html
  [security-announce] openSUSE-SU-2015:2257-1: important: Security update (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html
  openSUSE-SU-2015:2371-1: moderate: Security update for polarssl (Mailing List; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html
  [SECURITY] Fedora 22 Update: mbedtls-1.3.14-1.fc22 (Mailing List; Third Party Advisory)
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
  mbed TLS Security Advisory 2015-01 - Tech Updates (Vendor Advisory)
- https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
  (Third Party Advisory)
- https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
  CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL – Guido Vranken (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html
  [SECURITY] Fedora 23 Update: mbedtls-2.1.2-1.fc23 (Mailing List; Third Party Advisory)