What is CVE-2015-0206?

CVE-2015-0206 is a vulnerability in Openssl, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-01-09.

Is CVE-2015-0206 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Openssl

CVE-2015-0206

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epo…

Vulnerability class: Buffer Overflow

EPSS: 0.593 (99.0th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 1.0.0a, 1.0.0b, 1.0.0c
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2015:0130 (vendor-advisory, x_refsource_SUSE)
20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (x_refsource_CISCO, vendor-advisory)
openssl-cve20150206-dos(99704) (vdb-entry, x_refsource_XF)
HPSBMU03409 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
HPSBMU03380 (x_refsource_HP, vendor-advisory)
FEDORA-2015-0601 (x_refsource_FEDORA, vendor-advisory)
1033378 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-0206?: CVE-2015-0206 is a vulnerability in Openssl, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-01-09.
Is CVE-2015-0206 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.