CVE-2015-3216

{"id": "CVE-2015-3216", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-07T10:59:00.087", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/75219", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1032587", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field."}, {"lang": "es", "value": "Condici\u00f3n de carrera en cierto parche Red Hat patch a la implementaci\u00f3n PRNG lock en la funci\u00f3n ssleay_rand_bytes en OpenSSL, distribuido en openssl-1.0.1e-25.el7 en Red Hat Enterprise Linux (RHEL) 7 y otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante el establecimiento de muchas sesiones TLS en un servidor de m\u00faltiples hilos, conduciendo al uso de un valor negativo para cierto campo de longitud."}], "lastModified": "2018-01-05T02:30:06.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e-25.el7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A072AA49-749C-48EF-AD15-BE4A5BBE1AB8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}