CVE-2015-1794

Published: Dec 6, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products

vendor-advisory

SSA:2015-349-04

vendor-advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

USN-2830-1

vendor-advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://openssl.org/news/secadv/20151203.txt

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ada57746b6b80beae73111fe1291bf8dd89af91c

1034294

vdb-entry

openSUSE-SU-2016:0637

vendor-advisory

http://fortiguard.com/advisory/openssl-advisory-december-2015

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-1794

Description

Affected Products

References