virus logo FortiClient Vulnerability

OpenSSL CVE-2015-1788 Denial of Service Vulnerability

description-logoDescription

Severity: ModerateWhen processing an ECParameters structure OpenSSL enters an infinite loop ifthe curve specified is over a specially malformed binary polynomial field.This can be used to perform denial of service against anysystem which processes public keys, certificate requests orcertificates. This includes TLS clients and TLS servers withclient authentication enabled.This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below areaffected.OpenSSL 1.0.2 users should upgrade to 1.0.2bOpenSSL 1.0.1 users should upgrade to 1.0.1nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0sOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zgThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. Thefix was developed by Andy Polyakov of the OpenSSL development team.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2015-1788

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39834
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL