OpenSSL do_free_upto Function Denial of Service Vulnerability (CVE-2015-1792)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL < 0.9.8zg
OpenSSL Project OpenSSL < 1.0.2b
OpenSSL Project OpenSSL < 1.0.1n
OpenSSL Project OpenSSL < 1.0.0s
Description:
CVE (CAN) ID: CVE-2015-1792
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
OpenSSL versions earlier than 0.9.8zg, 1.0.0s, 1.0.1n, and 1.0.2b contain a vulnerability in the do_free_upto function in crypto/cms/cms_smime.c. A remote attacker can trigger a NULL value in a BIO data structure, which causes a denial of service (infinite loop).
<* Source: Johannes Bauer
Link: https://www.openssl.org/news/secadv_20150611.txt
*>
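A simplified C model of the loop condition described above, added here as an illustration; it is not OpenSSL's source or the vendor patch. The `node` type, the helper names and the `max_steps` guard are hypothetical, and the NULL check in the patched variant is an assumed shape for the fix.

```c
#include <stdio.h>
#include <stdlib.h>
struct node { struct node *next; };  /* hypothetical stand-in for one BIO chain element */

/* Assumption: like BIO_pop(NULL), popping NULL yields NULL; free(NULL) is a no-op like BIO_free(NULL). */
static struct node *node_pop(struct node *n) { return n ? n->next : NULL; }

/* Build `len` heap nodes linked in front of `tail`. */
struct node *chain_new(int len, struct node *tail) {
    struct node *head = tail;
    while (len-- > 0) {
        struct node *n = malloc(sizeof *n);
        if (n == NULL) abort();
        n->next = head; head = n;
    }
    return head;
}

/* Unpatched shape: the only exit is f == upto. Once f is NULL it stays NULL, so the loop
 * never ends. max_steps exists only so this demo returns: iteration count, or -1 if it fired. */
long free_upto_unpatched(struct node *f, struct node *upto, long max_steps) {
    long steps = 0;
    do {
        struct node *next = node_pop(f);
        free(f);
        f = next;
        if (++steps >= max_steps) return -1;
    } while (f != upto);
    return steps;
}

/* Hardened shape: also stop when the chain runs out before reaching upto. */
long free_upto_patched(struct node *f, struct node *upto) {
    long steps = 0;
    do {
        struct node *next = node_pop(f);
        free(f);
        f = next;
        steps++;
    } while (f != NULL && f != upto);
    return steps;
}

int main(void) {
    struct node upto = { NULL };
    printf("NULL chain: unpatched=%ld patched=%ld\n",
           free_upto_unpatched(NULL, &upto, 1000), free_upto_patched(NULL, &upto));
    return 0;
}
```

With an intact chain both variants stop at `upto`; only the NULL case separates them, which is why the defect shows up as a hang rather than a crash.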
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has released a Security Bulletin (secadv_20150611) and corresponding patches:
secadv_20150611: OpenSSL Security Advisory [11 Jun 2015]
Link: https://www.openssl.org/news/secadv_20150611.txt