Vulnerability Description
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 1.0.0a |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.ht
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.ht
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
- http://marc.info/?l=bugtraq&m=142721102728110&w=2
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://marc.info/?l=bugtraq&m=144050205101530&w=2
- http://marc.info/?l=bugtraq&m=144050254401665&w=2
- http://marc.info/?l=bugtraq&m=144050297101809&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0066.html
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20
- http://www.debian.org/security/2015/dsa-3125
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
FAQ
What is CVE-2015-0206?
CVE-2015-0206 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending ...
How severe is CVE-2015-0206?
CVE-2015-0206 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0206?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl.