virus logo FortiClient Vulnerability

OpenSSL CVE-2015-0209 Vulnerability

description-logoDescription

Severity: LowA malformed EC private key file consumed via the d2i_ECPrivateKey function couldcause a use after free condition. This, in turn, could cause a doublefree in several private key parsing functions (such as d2i_PrivateKeyor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruptionfor applications that receive EC private keys from untrustedsources. This scenario is considered rare.This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.OpenSSL 1.0.2 users should upgrade to 1.0.2aOpenSSL 1.0.1 users should upgrade to 1.0.1m.OpenSSL 1.0.0 users should upgrade to 1.0.0r.OpenSSL 0.9.8 users should upgrade to 0.9.8zf.This issue was discovered by the BoringSSL project and fixed in their commit517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSLdevelopment team.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2015-0209

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39832
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL