Description: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
CVSS vector: AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Complexity: Low
Confidentiality: None
Integrity: None
Affected Packages: 7 packages
🔴 Vulnerability Details (3)
GHSA: GHSA-q68f-qqmm-qvj9: The do_free_upto function in crypto/cms/cms_smime (2022-05-17)
OSV: CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime (2015-06-12)
OSV: openssl vulnerabilities (2015-06-11)

📋 Vendor Advisories (10)
CISA ICS: Siemens SCALANCE X-200RNA Switch Devices (2022-12-19)
Palo Alto: PAN-SA-2016-0028 OpenSSL Vulnerabilities (2016-10-18)
Palo Alto: PAN-SA-2016-0020 OpenSSL Vulnerabilities (2016-08-15)
Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products (2015-06-12)
BSD: FreeBSD-SA-15:10.openssl: Multiple OpenSSL vulnerabilities (2015-06-12)

🕵️ Threat Intelligence (2)
Tenable: [R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities (2017-01-31)
Tenable: [R7] OpenSSL '20150611' Advisory Affects Tenable Products (2015-06-30)

📄 Research Papers (1)
arXiv: Cross-Inlining Binary Function Similarity Detection (2024-01-11)

💬 Community (2)
Bugzilla: CVE-2015-3216 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2014-8176: OpenSSL multiple security issues [fedora-all] (2015-06-12)
Bugzilla: CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function (2015-06-05)