Back to search
CVE-2015-0209
Published: Mar 19, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2015:0715
vendor-advisory
openSUSE-SU-2015:0554
vendor-advisory
DSA-3197
vendor-advisory
USN-2537-1
vendor-advisory
HPSBMU03409
vendor-advisory
FEDORA-2015-4303
vendor-advisory
HPSBMU03380
vendor-advisory
FEDORA-2015-4300
vendor-advisory
APPLE-SA-2015-06-30-2
vendor-advisory
FEDORA-2015-6951
vendor-advisory
openSUSE-SU-2016:0640
vendor-advisory
RHSA-2016:1089
vendor-advisory
openSUSE-SU-2015:1277
vendor-advisory
HPSBUX03334
vendor-advisory
MDVSA-2015:063
vendor-advisory
SUSE-SU-2015:0541
vendor-advisory
RHSA-2015:0716
vendor-advisory
HPSBGN03306
vendor-advisory
FreeBSD-SA-15:06
vendor-advisory
HPSBMU03397
vendor-advisory
RHSA-2015:0752
vendor-advisory
RHSA-2016:2957
vendor-advisory
1031929
vdb-entry
SSRT102000
vendor-advisory
73239
vdb-entry
MDVSA-2015:062
vendor-advisory
FEDORA-2015-4320
vendor-advisory
FEDORA-2015-6855
vendor-advisory
HPSBMU03413
vendor-advisory
GLSA-201503-11
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now