CVE-2015-3194: Null Pointer Dereference

Published Dec 4, 2015
·
Updated

crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Other sources

LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.

The following was reported by OpenSSL upstream:

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verifycertificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Red Hat

Credit

CVE-2015-3194, CVE-2015-5333, CVE-2015-5334, CVE-2016-0702

Affected Software

35 affected componentsFixes available
redhat/openssl<1.0.1
1.0.1
redhat/openssl<1.0.2
1.0.2
Apple macOS Mojave<10.14
10.14
OpenSSL OpenSSL=1.0.1
OpenSSL OpenSSL=1.0.1a
OpenSSL OpenSSL=1.0.1b
OpenSSL OpenSSL=1.0.1c
OpenSSL OpenSSL=1.0.1d
OpenSSL OpenSSL=1.0.1e
OpenSSL OpenSSL=1.0.1f
OpenSSL OpenSSL=1.0.1g
OpenSSL OpenSSL=1.0.1h
OpenSSL OpenSSL=1.0.1i
OpenSSL OpenSSL=1.0.1j
OpenSSL OpenSSL=1.0.1k
OpenSSL OpenSSL=1.0.1l
OpenSSL OpenSSL=1.0.1m
OpenSSL OpenSSL=1.0.1n
OpenSSL OpenSSL=1.0.1o
OpenSSL OpenSSL=1.0.1p
OpenSSL OpenSSL=1.0.2
OpenSSL OpenSSL=1.0.2a
OpenSSL OpenSSL=1.0.2b
OpenSSL OpenSSL=1.0.2c
OpenSSL OpenSSL=1.0.2d
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=15.04
Canonical Ubuntu Linux=15.10
Debian Debian Linux=7.0
Debian Debian Linux=8.0
Nodejs Node.js>=0.10.0<0.10.41
Nodejs Node.js>=0.12.0<0.12.9
Nodejs Node.js>=4.0.0<4.2.3
Nodejs Node.js>=5.0.0<5.1.1

Remediation

Patch Available

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Patch Available

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Patch Available

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Event History

Dec 4, 2015
Data Sourced
via Red Hat·03:55 AM
DescriptionSeverityAffected Software
Dec 6, 2015
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2015-3194?

CVE-2015-3194 is a vulnerability in OpenSSL that allows remote attackers to cause a denial of service.

2

How can I fix the CVE-2015-3194 vulnerability?

To fix the CVE-2015-3194 vulnerability, update to OpenSSL version 1.0.1q or 1.0.2e.

3

What is the severity of CVE-2015-3194?

The severity of CVE-2015-3194 is high with a CVSS score of 7.5.

4

Where can I find more information about CVE-2015-3194?

You can find more information about CVE-2015-3194 on the OpenSSL website and Git repository.

5

What is the CWE ID for CVE-2015-3194?

The CWE ID for CVE-2015-3194 is CWE-476.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203