CVE-2015-1182

Published: 27/01/2015 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 up to and including 1.2.12 and 1.3.x up to and including 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

Vulnerable Product

opensuse opensuse 13.2

polarssl polarssl 1.0.0

polarssl polarssl 1.1.0

polarssl polarssl 1.1.5

polarssl polarssl 1.1.6

polarssl polarssl 1.2.12

polarssl polarssl 1.2.2

polarssl polarssl 1.2.3

polarssl polarssl 1.3.0

polarssl polarssl 1.3.6

polarssl polarssl 1.3.7

polarssl polarssl 1.1.1

polarssl polarssl 1.1.2

polarssl polarssl 1.2.0

polarssl polarssl 1.2.1

polarssl polarssl 1.2.6

polarssl polarssl 1.2.7

polarssl polarssl 1.3.2

polarssl polarssl 1.3.3

polarssl polarssl 1.1.3

polarssl polarssl 1.1.4

polarssl polarssl 1.2.10

polarssl polarssl 1.2.11

polarssl polarssl 1.2.8

polarssl polarssl 1.2.9

polarssl polarssl 1.3.4

polarssl polarssl 1.3.5

polarssl polarssl 1.1.7

polarssl polarssl 1.1.8

polarssl polarssl 1.2.4

polarssl polarssl 1.2.5

polarssl polarssl 1.3.1

polarssl polarssl 1.3.8

polarssl polarssl 1.3.9

Vendor Advisories

Debian Bug report logs - #775776 polarssl: CVE-2015-1182: Remote attack using crafted certificates Package: src:polarssl; Maintainer for src:polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 19 Jan 2015 19:18:02 UTC Severity: grave Tags: fixed-upstream, pat ...
Debian Bug report logs - #801413 polarssl: CVE-2015-5291: Remote attack on clients using session tickets or SNI Package: src:polarssl; Maintainer for src:polarssl is Roland Stigge <stigge@antcom.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 9 Oct 2015 20:03:01 UTC Severity: grave Tags: fixed- ...
A vulnerability was discovered in PolarSSL, a lightweight crypto and SSL/TLS library. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library (application crash), or potentially, to execute arbitrary code. For the stable distribution (wheezy), this ...