Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-1788

Published: 12/06/2015 Updated: 13/12/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL prior to 0.9.8s, 1.0.0 prior to 1.0.0e, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote malicious users to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

openssl openssl 1.0.1m

openssl openssl 1.0.2a

openssl openssl 1.0.1j

openssl openssl 1.0.0n

openssl openssl 1.0.1

openssl openssl 1.0.0c

openssl openssl 1.0.0i

openssl openssl 1.0.0

openssl openssl 1.0.1h

openssl openssl 1.0.0m

openssl openssl 1.0.1c

openssl openssl 1.0.1g

openssl openssl 1.0.0h

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0d

openssl openssl 1.0.0j

openssl openssl 1.0.0p

openssl openssl 1.0.1a

openssl openssl 1.0.0o

openssl openssl 1.0.1d

openssl openssl 1.0.0k

openssl openssl 1.0.2

openssl openssl 1.0.1k

openssl openssl 1.0.1b

openssl openssl 1.0.1e

openssl openssl 1.0.1l

openssl openssl 1.0.1f

openssl openssl 1.0.0l

openssl openssl 1.0.0r

openssl openssl 1.0.0a

openssl openssl 1.0.0q

openssl openssl 1.0.1i

openssl openssl 1.0.0b

openssl openssl 1.0.0g

Vendor Advisories

Ubuntu Security Notice: openssl vulnerabilities
Several security issues were fixed in OpenSSL ...
Red Hat: CVE-2015-1788
It was reported that OpenSSL could enter an infinite loop when processing an ECParameters structure if the curve specified is over a specially malformed binary polynomial field This can be used to perform denial of service attacks against any system which processes public keys, certificate requests or certificates, including TLS clients and TLS se ...
Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthe ...
Tenable Security Advisories: [R7] OpenSSL '20150611' Advisory Affects Tenable Products
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time CVE-2015-1788 - OpenSSL crypto/bn/bn_gf2mc BN_GF2m ...
Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

Recent Articles

HPE rushes out patch for more than a year of OpenSSL vulns
The Register • Richard Chirgwin • 06 Jul 2016

Logjam in patch pipeline cleared at last

HP Enterprise has popped into its Tardis, and gone back in time to patch OpenSSL bugs dating back to 2014 – including the infamous Logjam bug. The bugs are in various network products: Intelligent Management Center (iMC), the VCX unified communications products, and the Comware network operating system. The company's notice cites Common Vulnerability and Exposure (CVE) advisories CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-1793. Most o...

Read more...

References

CWE-399https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932https://www.openssl.org/news/secadv_20150611.txthttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttps://support.apple.com/kb/HT205031http://marc.info/?l=bugtraq&m=143880121627664&w=2http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.securityfocus.com/bid/91787https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763http://marc.info/?l=bugtraq&m=144050155601375&w=2http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securityfocus.com/bid/75158http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgeryhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttps://openssl.org/news/secadv/20150611.txthttp://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www-304.ibm.com/support/docview.wss?uid=swg21960041https://bto.bluecoat.com/security-advisory/sa98http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015https://security.gentoo.org/glsa/201506-02http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.aschttps://kc.mcafee.com/corporate/index?page=content&id=SB10122http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlhttp://www.ubuntu.com/usn/USN-2639-1http://www.securitytracker.com/id/1032564http://www.debian.org/security/2015/dsa-3287http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://support.citrix.com/article/CTX216642https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://usn.ubuntu.com/2639-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-1788https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook