QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1792

Published: Jun 12, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2015:1184

vendor-advisory

vendor-advisory

vendor-advisory

SUSE-SU-2015:1150

vendor-advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10122

http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965

https://openssl.org/news/secadv/20150611.txt

vendor-advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

SUSE-SU-2015:1182

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

SUSE-SU-2015:1143

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

openSUSE-SU-2016:0640

vendor-advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

vdb-entry

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015

FEDORA-2015-10108

vendor-advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

vendor-advisory

openSUSE-SU-2015:1277

vendor-advisory

APPLE-SA-2015-08-13-2

vendor-advisory

vendor-advisory

http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015

vdb-entry

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044

vdb-entry

https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

FEDORA-2015-10047

vendor-advisory

https://support.apple.com/kb/HT205031

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

https://support.citrix.com/article/CTX216642

SUSE-SU-2015:1185

vendor-advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694

openSUSE-SU-2015:1139

vendor-advisory

https://bto.bluecoat.com/security-advisory/sa98

NetBSD-SA2015-008

vendor-advisory

https://www.openssl.org/news/secadv_20150611.txt

vendor-advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2015-1792 - Security Vulnerability | QwikSec