CVE-2015-3216

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:openssl:openssl:1.0.1e-25.el7:*:*:*:*:*:*:*

Information

Published : 2015-07-07 03:59

Updated : 2018-01-04 18:30


NVD link : CVE-2015-3216

Mitre link : CVE-2015-3216


JSON object : View

CWE
CWE-189

Numeric Errors

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

dedicated server usa

Products Affected

openssl

  • openssl

redhat

  • enterprise_linux