Denial of Service Vulnerability in OpenSSL by OpenSSL
CVE-2015-3196

Currently unrated

Key Information:

Vendor: HP
Status: Icewall Sso; Icewall Sso Agent Option
Vendor: CVE Published:; 6 December 2015

What is CVE-2015-3196?

The vulnerability in OpenSSL arises when the library is utilized for multi-threaded clients, leading to improper handling of the PSK identity hint. This flaw may allow remote attackers to induce a denial of service by sending a crafted ServerKeyExchange message, causing race conditions and possible double free scenarios.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

http://lists.opensuse.org/opensuse-updates/2015-12/msg000...

vendor-advisory

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2015
Vulnerability Reserved
Apr 10, 2015

HP

What is CVE-2015-3196?

References

EPSS Score

Timeline