Description

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

Remediation

References

CVE-2015-0292

Related Vulnerabilities

Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-3533)

MySQL CVE-2019-2834 Vulnerability (CVE-2019-2834)

WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (8.9)

phpList Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2916)

ProjectSend Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-11492)

Severity

High

Classification

CVE-2015-0292 CWE-119

Tags

Missing Update Known Vulnerabilities