Description

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

Remediation

References

CVE-2015-3216

Related Vulnerabilities

WordPress Plugin FileBird-WordPress Media Library Folders & File Manager SQL Injection (4.7.3)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16192)

WordPress Plugin Deeper Comments Security Bypass (2.1.1)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (0.7.1.5)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6734)

Severity

Medium

Classification

CVE-2015-3216 CWE-362

Tags

Missing Update Known Vulnerabilities