CVE-2015-1788

CVE-2015-1788 PUBLISHED

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

Risk Scores

EPSS Score: 15.91% (94.9th percentile)

Affected Products

Vendor | Product | Versions
Ubuntu:14.04:LTS | openssl | 1.0.1e-4ubuntu1, *, 1.0.1e-4ubuntu3

Timeline

  • Jun 11, 2015 CVE Published
  • Jun 11, 2015 PoC Published
  • Jun 20, 2016 PoC Published
  • Jul 20, 2018 PoC Published
  • Oct 2, 2020 PoC Published
  • Nov 6, 2020 PoC Published
  • Sep 6, 2021 PoC Published
  • Feb 4, 2022 EPSS Score
  • Nov 4, 2023 EPSS Score
  • Feb 17, 2024 EPSS Score
  • Oct 9, 2024 PoC Published
  • Dec 6, 2024 EPSS Score