Description

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

Remediation

References

CVE-2015-3216

Related Vulnerabilities

Jboss EAP Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-3642)

Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-0419)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4290)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7076)

Jetty Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-28163)

Severity

Medium

Classification

CVE-2015-3216 CWE-362

Tags

Missing Update Known Vulnerabilities