OpenSSL CVE-2015-0289 Vulnerability

Description

Severity: Moderate

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a.
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.
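The fixed releases listed above can be turned into a version check for inventory or patch-audit scripts. The following is an added example, not part of the original advisory or of OpenSSL; the function names are hypothetical, and it assumes upstream version strings such as those printed by `openssl version` (distribution packages may backport the fix without changing the letter suffix).

```python
import re

# Fixed release letter per branch, taken from the advisory text above.
FIXED = {
    (1, 0, 2): "a",
    (1, 0, 1): "m",
    (1, 0, 0): "r",
    (0, 9, 8): "zf",
}

# Matches "1.0.1k", "OpenSSL 0.9.8zd 8 Jan 2015" and "1.0.1e-fips".
# Tags after a hyphen (e.g. "-fips") are ignored.
_VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z\d.])"
)


def parse_version(text):
    """Return ((major, minor, fix), letter_suffix), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def cve_2015_0289_status(text):
    """Classify a version string as 'affected', 'fixed' or 'unknown'.

    'unknown' covers unparseable input and branches the advisory does not list.
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    branch, letters = parsed
    fixed_letters = FIXED.get(branch)
    if fixed_letters is None:
        return "unknown"
    # Letter suffixes run "", a..z, za, zb, ... so plain string comparison
    # follows release order ("" < "k" < "m", and "z" < "za" < "zf").
    return "affected" if letters < fixed_letters else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("OpenSSL 1.0.1k 8 Jan 2015", "0.9.8zf", "1.0.2", "1.1.0"):
        print(sample, "->", cve_2015_0289_status(sample))
```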

Affected Applications

OpenSSL

CVE References

CVE-2015-0289