OpenSSL X509_cmp_time Function Denial of Service Vulnerability (CVE-2015-1789)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL < 0.9.8zf
OpenSSL Project OpenSSL < 1.0.2b
OpenSSL Project OpenSSL < 1.0.1n
OpenSSL Project OpenSSL < 1.0.0s
Description:
CVE (CAN) ID: CVE-2015-1789
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
OpenSSL versions earlier than 0.9.8zg, 1.0.0s, 1.0.1n, and 1.0.2b have a security vulnerability in the X509_cmp_time function in crypto/x509/x509_vfy.c. Remote attackers can use a crafted length field in ASN1_TIME data to cause a denial of service (out-of-bounds read and application crash).
<* Source: Hanno Böck
Link: https://www.openssl.org/news/secadv_20150611.txt
*>
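The description above comes down to parsing a time string without checking each read against the value's declared length. The following C code is an added example, not OpenSSL's code or its patch: a length-checked shape validator for ASN1_TIME-style strings. The names `asn1_time_shape_ok` and `take_digits` are hypothetical, and the accepted shapes (optional seconds, `Z` or a `+hhmm`/`-hhmm` offset, fractional seconds for GeneralizedTime only) are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Consume exactly n ASCII digits at p[*i], never reading at or past p[len]. */
static int take_digits(const unsigned char *p, size_t len, size_t *i, size_t n)
{
    if (len - *i < n) return 0;            /* too few bytes left */
    for (size_t k = 0; k < n; k++)
        if (!isdigit(p[*i + k])) return 0;
    *i += n;
    return 1;
}

/* Hypothetical helper (not an OpenSSL API): returns 1 if data[0..len) is a
 * well-formed UTCTime (generalized == 0) or GeneralizedTime (generalized == 1).
 * data is treated as length-delimited, not NUL-terminated. */
int asn1_time_shape_ok(const unsigned char *data, size_t len, int generalized)
{
    size_t i = 0;
    if (data == NULL) return 0;
    if (!take_digits(data, len, &i, (generalized ? 4 : 2) + 8)) /* YY[YY]MMDDHHMM */
        return 0;
    if (i < len && isdigit(data[i]) && !take_digits(data, len, &i, 2)) /* SS */
        return 0;
    if (generalized && i < len && data[i] == '.') {   /* fractional seconds */
        size_t start = ++i;
        while (i < len && isdigit(data[i])) i++;
        if (i == start) return 0;          /* '.' with no digits after it */
    }
    if (i >= len) return 0;                /* no 'Z' or offset present */
    if (data[i] == 'Z') return i + 1 == len;
    if (data[i] != '+' && data[i] != '-') return 0;
    i++;
    return take_digits(data, len, &i, 4) && i == len;  /* +hhmm / -hhmm */
}

int main(void)
{
    /* Constructed samples: a valid UTCTime and one with a truncated offset. */
    static const unsigned char ok[]  = "150611120000Z";
    static const unsigned char bad[] = "1506111200+01";
    printf("valid:     %d\n", asn1_time_shape_ok(ok, sizeof ok - 1, 0));
    printf("truncated: %d\n", asn1_time_shape_ok(bad, sizeof bad - 1, 0));
    return 0;
}
```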
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has released a Security Bulletin (secadv_20150611) and corresponding patches:
Secadv_20150611: OpenSSL Security Advisory [11 Jun 2015]
Link: https://www.openssl.org/news/secadv_20150611.txt