Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1182

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1182
Last Modified 17 Apr 2015 10:00:10
Published 27 Jan 2015 03:59:14
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1182

Summary

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.2

Application

  • Polarssl 1.0.0

  • Polarssl 1.1.0

  • Polarssl 1.1.1

  • Polarssl 1.1.2

  • Polarssl 1.1.3

  • Polarssl 1.1.4

  • Polarssl 1.1.5

  • Polarssl 1.1.6

  • Polarssl 1.1.7

  • Polarssl 1.1.8

  • Polarssl 1.2.0

  • Polarssl 1.2.1

  • Polarssl 1.2.10

  • Polarssl 1.2.11

  • Polarssl 1.2.12

  • Polarssl 1.2.2

  • Polarssl 1.2.3

  • Polarssl 1.2.4

  • Polarssl 1.2.5

  • Polarssl 1.2.6

  • Polarssl 1.2.7

  • Polarssl 1.2.8

  • Polarssl 1.2.9

  • Polarssl 1.3.0

  • Polarssl 1.3.1

  • Polarssl 1.3.2

  • Polarssl 1.3.3

  • Polarssl 1.3.4

  • Polarssl 1.3.5

  • Polarssl 1.3.6

  • Polarssl 1.3.7

  • Polarssl 1.3.8

  • Polarssl 1.3.9


References

CONFIRM - https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04

DEBIAN - DSA-3136

SECUNIA - 62610

SECUNIA - 62270

SUSE - openSUSE-SU-2015:0186

FEDORA - FEDORA-2015-1045

FEDORA - FEDORA-2015-0991


Last Updated: 27 May 2016 11:07:44