NVD

Id
23558  
Name
CVE-2015-1182  
Description
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-01-27  
Modified Date
2015-04-17  
Seq
2015-1182  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
124829 23558 CVE-2015-1182 FEDORA-2015-0991  View
124830 23558 CVE-2015-1182 FEDORA-2015-1045  View
124831 23558 CVE-2015-1182 openSUSE-SU-2015:0186  View
124832 23558 CVE-2015-1182 DSA-3136  View
124833 23558 CVE-2015-1182 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
5930 JVNDB-2015-001250 PolarSSL の library/asn1parse.c の asn1_get_sequence_of 関数におけるサービス運用妨害 (DoS) の脆弱性 PolarSSL の library/asn1parse.c の asn1_get_sequence_of 関数は、asn1_sequence にリンクしたリストのポインタを適切に初期化しないため、サービス運用妨害 (クラッシュ) 状態にされる、または任意のコードを実行される脆弱性が存在します。 CVE-2015-1182 78407 CVE-2015-1182 23558 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001250.html 2015-01-19 2015-01-29 View