OpenSSL CVE-2015-0288 Vulnerability

Description

Severity: Low

The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a.
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy, support for 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
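The upgrade guidance above can be turned into an inventory check. The following is an added example, not part of the advisory or of OpenSSL: it classifies version strings of the kind printed by `openssl version` against the fixed releases listed above. The function names and the sample lines are constructed for illustration, and a string comparison cannot see fixes that a distribution has backported without changing the letter suffix.

```python
import re

# Fixed letter release per branch, taken from the advisory text above.
FIXED = {"1.0.2": "a", "1.0.1": "m", "1.0.0": "r", "0.9.8": "zf"}

# Matches e.g. "1.0.1k", "0.9.8zf", "1.0.2" (no letter), "1.0.1e-fips".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]{0,2})\b")


def _letter_rank(suffix):
    # Letter releases run "", a..z, then za, zb, ...; ordering by
    # (length, text) reproduces that sequence.
    return (len(suffix), suffix)


def triage(version_text):
    """Classify one version string for CVE-2015-0288.

    Returns (status, fixed_release). status is "affected", "fixed", or
    "not-covered" (unparsable, or a branch the advisory does not list).
    """
    match = _VERSION_RE.search(version_text)
    if not match:
        return ("not-covered", None)
    branch, suffix = match.groups()
    if branch not in FIXED:
        return ("not-covered", None)
    fixed_release = branch + FIXED[branch]
    if _letter_rank(suffix) >= _letter_rank(FIXED[branch]):
        return ("fixed", fixed_release)
    return ("affected", fixed_release)


if __name__ == "__main__":
    # Constructed sample inventory lines (not taken from the advisory).
    samples = [
        "OpenSSL 1.0.2 22 Jan 2015",
        "OpenSSL 1.0.1k 8 Jan 2015",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",  # may carry a vendor backport
        "OpenSSL 1.0.0r 19 Mar 2015",
        "OpenSSL 0.9.8zd 8 Jan 2015",
        "OpenSSL 0.9.8zf 19 Mar 2015",
    ]
    for line in samples:
        status, fixed_release = triage(line)
        print(f"{line!r}: {status} (fixed in {fixed_release})")
```

Hosts reported as "affected" on a vendor-patched build (for example a `-fips` distribution package) should be confirmed against the vendor's own advisory before being scheduled for upgrade.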

Affected Applications

OpenSSL

CVE References

CVE-2015-0288