CVE-2015-1788 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-1788 PUBLISHED

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

EPSS 16.10% · 94.7th percentile

Risk Scores

EPSS Score

16.10%

94.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	openssl	0, 1.0.1e-3ubuntu1, 1.0.1e-4ubuntu1

Timeline

Jun 11, 2015 CVE Published
Jun 20, 2016 PoC Published
Jul 20, 2018 PoC Published
Oct 2, 2020 PoC Published
Nov 6, 2020 PoC Published
Sep 6, 2021 PoC Published
Feb 4, 2022 EPSS Score
Nov 4, 2023 EPSS Score
Feb 17, 2024 EPSS Score
Aug 6, 2024 CVE Updated
Oct 9, 2024 PoC Published
Dec 6, 2024 EPSS Score

References

https://ubuntu.com/security/notices/USN-2639-1 vendor-advisory
https://ubuntu.com/security/CVE-2015-1788 third-party-advisory
https://www.openssl.org/news/secadv_20150611.txt third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2015-1788 third-party-advisory
Multiples vulnérabilités dans les produits Siemens advisory

Open in Interactive Console →