OpenSSL CVE-2015-3194 Denial of Service Vulnerability

Description

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne development team.
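A way to triage hosts against the fixed releases named above, as an added example that is not part of the advisory or of OpenSSL. The function names are assumptions, and the input is a constructed `openssl version` style string. Only the version string is examined: distribution packages can carry a backported fix without changing the upstream letter, so a build with a vendor tag needs the vendor's own advisory.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {"1.0.1": "q", "1.0.2": "e"}

# Accepts "OpenSSL 1.0.2d 9 Jul 2015", "OpenSSL 1.0.1e-fips 11 Feb 2013"
# or a bare "1.0.2e". Group 3 is a build tag such as "-fips" or "-beta3".
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+\.\d+\.\d+)([a-z]*)(-[\w.+-]+)?")


def _letter_key(letters):
    # Patch letters run a..z and then continue za, zb, ...,
    # so compare by length first and alphabetically second.
    return (len(letters), letters)


def classify(version_text):
    """Return (status, build_tag) for one version string.

    status is 'affected', 'fixed', 'not-listed' (a branch the advisory
    does not name) or 'unparsed' (not an OpenSSL version string).
    """
    match = _VERSION_RE.match(version_text.strip())
    if match is None:
        return ("unparsed", None)
    branch, letters, tag = match.groups()
    if branch not in FIXED:
        return ("not-listed", tag)
    if _letter_key(letters) >= _letter_key(FIXED[branch]):
        return ("fixed", tag)
    return ("affected", tag)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    samples = [
        "OpenSSL 1.0.2d 9 Jul 2015",
        "OpenSSL 1.0.2e 3 Dec 2015",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.2zh",
        "OpenSSL 1.1.0 25 Aug 2016",
    ]
    for sample in samples:
        status, tag = classify(sample)
        note = " (vendor build, check for a backported fix)" if tag else ""
        print(f"{sample!r}: {status}{note}")
```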

Affected Applications

OpenSSL

CVE References

CVE-2015-3194