OpenSSL CVE-2015-0286 Request Smuggling Vulnerability

Description

Severity: Moderate

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency, this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable, including OpenSSL clients and servers which enable client authentication.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a.
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.
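The remediation above is purely a version question, so the practical check on a host is to compare the installed OpenSSL release against the four fixed releases the advisory names. The script below is an added example, not part of the advisory or of OpenSSL itself; the branch-to-fixed-letter table is taken from the text above, and the ordering of OpenSSL's pre-1.1 patch letters (a..z, then za, zb, ... zf) is encoded so that 0.9.8ze correctly sorts before 0.9.8zf. Branches the advisory does not list (for example 1.1.x, which did not exist at the time) are treated as not affected; that is an assumption of this example.

```python
import re
import subprocess

# First fixed release per affected branch, as stated in the advisory above.
FIXED = {
    (1, 0, 2): "a",    # 1.0.2a
    (1, 0, 1): "m",    # 1.0.1m
    (1, 0, 0): "r",    # 1.0.0r
    (0, 9, 8): "zf",   # 0.9.8zf
}

# Matches "1.0.1k", "0.9.8zf", or a bare "1.0.2" (no patch letter yet).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def letter_rank(suffix):
    """Map an OpenSSL patch-letter suffix to an integer that preserves release order.

    The pre-1.1 scheme runs a..z and then za, zb, ... so summing the letter values
    ('' -> 0, 'a' -> 1, 'z' -> 26, 'za' -> 27, 'zf' -> 32) keeps releases ordered.
    """
    return sum(ord(c) - ord("a") + 1 for c in suffix)


def parse_version(text):
    """Extract (major, minor, fix, letter_rank) from strings such as
    'OpenSSL 1.0.1k 8 Jan 2015' or a bare '0.9.8zf'. Returns None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, fix = (int(x) for x in m.group(1, 2, 3))
    return (major, minor, fix, letter_rank(m.group(4)))


def is_vulnerable(text):
    """True if the version is on an affected branch and older than that branch's fix release."""
    v = parse_version(text)
    if v is None:
        raise ValueError("no OpenSSL version found in: %r" % text)
    branch, rank = v[:3], v[3]
    if branch not in FIXED:
        # Branch not named in the advisory: treated as not affected (assumption of this example).
        return False
    return rank < letter_rank(FIXED[branch])


def check_local_openssl():
    """Run the local `openssl version` binary and evaluate its output.

    Returns (version string, vulnerable flag). Note this only inspects the `openssl`
    CLI on PATH; applications statically linked against their own libcrypto need
    their own check.
    """
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=True).stdout
    return out.strip(), is_vulnerable(out)


if __name__ == "__main__":
    ver, vuln = check_local_openssl()
    print(ver, "-> affected by CVE-2015-0286, upgrade" if vuln else "-> not affected / fixed")
```

Run it directly to evaluate the `openssl` binary on PATH, or import `is_vulnerable` and feed it version strings collected from inventory or package data. Because the advisory affects every application that performs certificate verification, the CLI result is only a proxy: services that bundle their own OpenSSL (or are statically linked) must be checked against the library version they actually load.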

Affected Applications

OpenSSL

CVE References

CVE-2015-0286