OpenSSL CVE-2015-1792 Denial of Service Vulnerability

Description

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b
OpenSSL 1.0.1 users should upgrade to 1.0.1n
OpenSSL 1.0.0 users should upgrade to 1.0.0s
OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Affected Applications

OpenSSL

CVE References

CVE-2015-1792