HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2015-1182

CVSS 7.5v2.0pub. 2015-01-27upd. 2026-05-06

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Opensuse

    OS
    Opensuse
    13.2
  • Polarssl

    APP
    Polarssl
    1.0.01.1.01.1.11.1.21.1.31.1.41.1.51.1.61.1.71.1.81.2.01.2.11.2.101.2.111.2.12+ 18 więcej
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...

CVE-2016-4117CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified ve...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2015-2590CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows re...

CVE-2015-5119CRITICAL9.8⚠ KEVten sam produkt

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash ...