CVE-2015-0206

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.0 through 1.0.0p OpenSSL versions 1.0.1 through 1.0.1k openssl-1.0.1e openssl-devel-1.0.1e openssl-static-1.0.1e openssl-libs-1.0.1e openssl-debuginfo-1.0.1e

Description The issue is related to multiple vulnerabilities in the OpenSSL package, which can be exploited remotely to cause a denial of service or gain access to encrypted data without knowing the encryption key. The vulnerabilities can lead to a memory leak, allowing attackers to consume memory and cause a failure in replay detection. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For OpenSSL versions 1.0.0 through 1.0.0p, update to version 1.0.0p or later. For OpenSSL versions 1.0.1 through 1.0.1k, update to version 1.0.1k or later. For openssl-1.0.1e, openssl-devel-1.0.1e, openssl-static-1.0.1e, openssl-libs-1.0.1e, and openssl-debuginfo-1.0.1e, update to a version that is not affected by the vulnerabilities. As a temporary workaround, consider restricting access to the vulnerable OpenSSL package until a patch is available.