CVE-2015-0292

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8za OpenSSL versions prior to 1.0.0m OpenSSL versions prior to 1.0.1h

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, potentially leading to a denial of service or memory corruption via crafted base64 data that triggers a buffer overflow. The vulnerability is related to an integer underflow in the EVP DecodeUpdate function in the base64-decoding implementation.

Recommendations For versions prior to 0.9.8za, update to version 0.9.8za or later. For versions prior to 1.0.0m, update to version 1.0.0m or later. For versions prior to 1.0.1h, update to version 1.0.1h or later. As a temporary workaround, consider restricting access to the EVP DecodeUpdate function until a patch is available. Avoid using crafted base64 data in the affected API endpoints until the issue is resolved.