CVE-2015-5334: Buffer Overflow

Q: What is CVE-2015-5334?

CVE-2015-5334 is a vulnerability in LibreSSL that allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted X.509 certificate.

Q: What is the severity of CVE-2015-5334?

The severity of CVE-2015-5334 is critical with a CVSS score of 9.8.

Q: How can I mitigate the impact of CVE-2015-5334?

You can mitigate the impact of CVE-2015-5334 by updating to LibreSSL version 2.6.4 or later.

Q: Which software versions are affected by CVE-2015-5334?

macOS Mojave (version up to 10.14), Openbsd Libressl (version up to 2.3.1), Opensuse Opensuse (version 13.2) are affected by CVE-2015-5334.

Q: Where can I find more information about CVE-2015-5334?

You can find more information about CVE-2015-5334 at the following references: [1] [2] [3].

Published Sep 24, 2018

Updated

LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.

Other sources

Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

Credit

CVE-2015-3194, CVE-2015-5333, CVE-2015-5334, CVE-2016-0702

Affected Software

3 affected componentsFixes available

Apple macOS Mojave<10.14

10.14

OpenBSD LibreSSL<2.3.1

openSUSE openSUSE=13.2

Event History

Jan 23, 2020

CVE Published

via MITRE·07:56 PM

Data Sourced

via MITRE·07:56 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT209139

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2018-5383
CVE-2018-4295
CVE-2018-4324
CVE-2018-4417
CVE-2018-4353
CVE-2017-12613
CVE-2017-12618
CVE-2018-4411
CVE-2018-4308
CVE-2018-4321
CVE-2018-4126
CVE-2018-4412
CVE-2018-4414
CVE-2018-4347
CVE-2018-4333
CVE-2018-4153
CVE-2018-4406
CVE-2018-4346
CVE-2018-4296
CVE-2018-4433
CVE-2019-8643
CVE-2017-5731
CVE-2017-5732
CVE-2017-5733
CVE-2017-5734
CVE-2017-5735
CVE-2018-4426
CVE-2018-4331
CVE-2018-4332
CVE-2018-4343
CVE-2018-3646
CVE-2018-4355
CVE-2018-4396
CVE-2018-4418
CVE-2018-4351
CVE-2018-4350
CVE-2018-4334
CVE-2018-4451
CVE-2018-4456
CVE-2018-4408
CVE-2018-4341
CVE-2018-4354
CVE-2018-4383
CVE-2018-4401
CVE-2018-4399
CVE-2018-4407
CVE-2018-4336
CVE-2018-4337
CVE-2018-4340
CVE-2018-4344
CVE-2018-4425
CVE-2015-3194
CVE-2015-5333
CVE-2015-5334
CVE-2016-0702
CVE-2018-4348
CVE-2018-4326
CVE-2018-4310
CVE-2018-3639
CVE-2018-4395
CVE-2016-1777
CVE-2018-4393
CVE-2018-4203
CVE-2018-4304
CVE-2018-4338

Frequently Asked Questions

What is CVE-2015-5334?

CVE-2015-5334 is a vulnerability in LibreSSL that allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted X.509 certificate.

What is the severity of CVE-2015-5334?