virus logo FortiClient Vulnerability

OpenSSL CVE-2015-0287 Request Smuggling Vulnerability

description-logoDescription

Severity: ModerateReusing a structure in ASN.1 parsing may allow an attacker to causememory corruption via an invalid write. Such reuse is and has beenstrongly discouraged and is believed to be rare.Applications that parse structures containing CHOICE or ANY DEFINED BYcomponents may be affected. Certificate parsing (d2i_X509 and relatedfunctions) are however not affected. OpenSSL clients and servers arenot affected.This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0and 0.9.8.OpenSSL 1.0.2 users should upgrade to 1.0.2aOpenSSL 1.0.1 users should upgrade to 1.0.1m.OpenSSL 1.0.0 users should upgrade to 1.0.0r.OpenSSL 0.9.8 users should upgrade to 0.9.8zf.This issue was discovered by Emilia Ksper and a fix developed byStephen Henson of the OpenSSL development team.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2015-0287

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39826
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL