Description

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

Remediation

References

CVE-2015-3216

Related Vulnerabilities

Oracle Database Server Resource Management Errors Vulnerability (CVE-2007-5506)

PrestaShop Other Vulnerability (CVE-2020-15082)

WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) Security Bypass (2.3.3)

MediaWiki Other Vulnerability (CVE-2007-0177)

Oracle Database Server Create Session privilege issue (CVE-2021-1993)

Severity

Medium

Classification

CVE-2015-3216 CWE-362

Tags

Missing Update Known Vulnerabilities