Vulnerability details: VCID-5g8u-a3pe-aaan
Vulnerability ID VCID-5g8u-a3pe-aaan
Aliases CVE-2014-8275
VC-OPENSSL-20150105-CVE-2014-8275
Summary OpenSSL accepts several non-DER variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm in the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
generic_textual LOW http://marc.info/?l=bugtraq&m=144050155601375&w=2
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8275.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0066
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0800
epss 0.07019 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.08093 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.08207 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.09381 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.09511 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.09547 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.10429 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.12304 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
epss 0.18542 https://api.first.org/data/v1/epss?cve=CVE-2014-8275
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1180187
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-8275
generic_textual Medium https://ubuntu.com/security/notices/USN-2459-1
generic_textual Low https://www.openssl.org/news/secadv/20150108.txt
generic_textual Medium https://www.openssl.org/news/secadv_20150108.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8275.html
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8275.json
https://api.first.org/data/v1/epss?cve=CVE-2014-8275
https://bto.bluecoat.com/security-advisory/sa88
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e
https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://ubuntu.com/security/notices/USN-2459-1
https://www.openssl.org/news/secadv/20150108.txt
https://www.openssl.org/news/secadv_20150108.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71935
http://www.securitytracker.com/id/1033378
1180187 https://bugzilla.redhat.com/show_bug.cgi?id=1180187
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
CVE-2014-8275 https://nvd.nist.gov/vuln/detail/CVE-2014-8275
RHSA-2015:0066 https://access.redhat.com/errata/RHSA-2015:0066
RHSA-2015:0800 https://access.redhat.com/errata/RHSA-2015:0800
USN-2459-1 https://usn.ubuntu.com/2459-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-8275
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.90608
EPSS Score 0.07019
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.