CVE-2015-1792

NONECVSS 0.0

0.0

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

🔗 References (96)

secalert@redhathttp://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
secalert@redhathttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
secalert@redhathttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
secalert@redhathttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
secalert@redhathttp://marc.info/?l=bugtraq&m=143654156615516&w=2

Is Your Infrastructure Affected by CVE-2015-1792?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-1792

📅 Published

🔄 Last Modified

🔗 References (96)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-1792?