Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-1182

Опубликовано: 27 янв. 2015
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

Комментарий

CWE-824: Access of Uninitialized Pointer

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.3.9:*:*:*:*:*:*:*

EPSS

Процентиль: 82%
0.01697
Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2015-1182

ubuntu
около 11 лет назад

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

debian логотип

CVE-2015-1182

debian
около 11 лет назад

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1 ...

github логотип

GHSA-8g33-q77c-23f6

github
больше 3 лет назад

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

EPSS

Процентиль: 82%
0.01697
Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other