RSA BSAFE Crypto-C up to 4.0.3/4.1 Base64 Decoding numeric error
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
8.1 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, was found in RSA BSAFE Crypto-C up to 4.0.3/4.1. Affected is some unknown functionality of the component Base64 Decoding. The manipulation with an unknown input leads to a numeric error vulnerability. CWE is classifying the issue as CWE-189. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was presented 08/18/2015 as ESA-2015-081 as confirmed advisory (Website). The advisory is shared for download at seclists.org. This vulnerability is traded as CVE-2015-0537 since 12/17/2014. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
Upgrading to version 4.0.4 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (105654). See 77266, 77267, 77347 and 77348 for similar entries.
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.5VulDB Meta Temp Score: 8.1
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Numeric errorCWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: BSAFE Crypto-C 4.0.4
Timeline
12/17/2014 🔍08/17/2015 🔍
08/17/2015 🔍
08/18/2015 🔍
08/18/2015 🔍
08/18/2015 🔍
08/20/2015 🔍
10/13/2015 🔍
06/12/2022 🔍
Sources
Vendor: rsa.comAdvisory: ESA-2015-081
Status: Confirmed
CVE: CVE-2015-0537 (🔍)
X-Force: 105654 - Multiple RSA BSAFE products integer underflow
SecurityTracker: 1033299
Vulnerability Center: 53377 - RSA BSAFE MMS, Crypto-C ME and SSL Remote Code Execution and DoS Due to Integer Overflow in base64-Decoding Implementation, High
SecurityFocus: 76377 - Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities
See also: 🔍
Entry
Created: 08/18/2015 18:10Updated: 06/12/2022 14:10
Changes: 08/18/2015 18:10 (59), 02/13/2018 07:22 (9), 06/12/2022 14:04 (3), 06/12/2022 14:10 (11)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.