virus logo FortiClient Vulnerability

OpenSSL CVE-2015-0208 Vulnerability

description-logoDescription

Severity: ModerateThe signature verification routines will crash with a NULL pointerdereference if presented with an ASN.1 signature using the RSA PSSalgorithm and invalid parameters. Since these routines are used to verifycertificate signature algorithms this can be used to crash anycertificate verification operation and exploited in a DoS attack. Anyapplication which performs certificate verification is vulnerable includingOpenSSL clients and servers which enable client authentication.This issue affects OpenSSL version: 1.0.2OpenSSL 1.0.2 users should upgrade to 1.0.2aThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenterand a fix developed by Stephen Henson of the OpenSSL development team.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2015-0208

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39825
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL