OpenSSL CVE-2015-1792 Denial of Service Vulnerability
Description
Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b
OpenSSL 1.0.1 users should upgrade to 1.0.1n
OpenSSL 1.0.0 users should upgrade to 1.0.0s
OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
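To triage hosts against the fixed releases listed above, the following added example (not part of the original advisory or of OpenSSL) classifies the first line of `openssl version` output. The function names are hypothetical, the sample strings are constructed, and the check assumes upstream version strings: vendor packages that backport the fix without changing the patch letter will be reported as affected.

```python
import re

# First fixed release on each affected branch, as listed in the advisory.
FIXED = {"1.0.2": "b", "1.0.1": "n", "1.0.0": "s", "0.9.8": "zg"}

# Matches "OpenSSL 1.0.1k 8 Jan 2015", "1.0.1e-fips", "0.9.8zg", ...
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+\.\d+\.\d+)([a-z]*)")


def letter_rank(suffix):
    """Order OpenSSL patch letters: '' < a < ... < z < za < zb < ..."""
    # After 'z' the project continues with 'za', 'zb', ... so a longer
    # suffix is always newer; equal lengths compare alphabetically.
    return (len(suffix), suffix)


def parse_version(text):
    """Return (branch, letters), e.g. ('1.0.1', 'k')."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised OpenSSL version string: %r" % text)
    return m.group(1), m.group(2)


def status(text):
    """Classify a version string against CVE-2015-1792.

    Returns 'affected', 'fixed', or 'not-listed' when the branch is
    not one of the four named in the advisory.
    """
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"
    if letter_rank(letters) >= letter_rank(fixed):
        return "fixed"
    return "affected"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    for line in ("OpenSSL 1.0.1k 8 Jan 2015", "OpenSSL 1.0.2b 11 Jun 2015",
                 "OpenSSL 0.9.8z", "OpenSSL 1.0.1e-fips 11 Feb 2013"):
        print("%-34s %s" % (line, status(line)))
```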
Affected Applications
OpenSSL