OpenSSL CVE-2015-1794 Numeric Errors Vulnerability

Description

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e.

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy, support for versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
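The following is an added example, not OpenSSL's code or its fix: a client-side parser for the DH parameters carried in a ServerKeyExchange that rejects p = 0 before any modular arithmetic is attempted. It goes slightly beyond the advisory by also rejecting an even p and g or Ys values of 0 or 1. The function, enum and sample names are assumptions of this example, and the samples are constructed toy values.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes; the names are this example's own, not OpenSSL's. */
enum dh_check { DH_OK, DH_TRUNCATED, DH_P_ZERO, DH_P_EVEN, DH_G_BAD, DH_YS_BAD };

/* Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data. */
static int read_vec(const uint8_t **cur, const uint8_t *end,
                    const uint8_t **out, size_t *len)
{
    if (end - *cur < 2) return -1;
    size_t n = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    *cur += 2;
    if (n == 0 || (size_t)(end - *cur) < n) return -1;
    *out = *cur; *len = n; *cur += n;
    return 0;
}

/* True when the big-endian integer b[0..n) is 0, whatever its padded length. */
static int is_zero(const uint8_t *b, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

/* True when the big-endian integer is 0 or 1 (n >= 1 after read_vec). */
static int is_le_one(const uint8_t *b, size_t n)
{ return b[n - 1] <= 1 && is_zero(b, n - 1); }

/* Validate ServerDHParams (dh_p, dh_g, dh_Ys) before any modular arithmetic. */
enum dh_check check_server_dh_params(const uint8_t *msg, size_t msg_len)
{
    const uint8_t *cur = msg, *end = msg + msg_len, *p, *g, *ys;
    size_t plen, glen, yslen;
    if (read_vec(&cur, end, &p, &plen) || read_vec(&cur, end, &g, &glen) ||
        read_vec(&cur, end, &ys, &yslen))
        return DH_TRUNCATED;
    if (is_zero(p, plen)) return DH_P_ZERO;        /* the input in this advisory */
    if (!(p[plen - 1] & 1)) return DH_P_EVEN;      /* a prime modulus > 2 is odd */
    if (is_le_one(g, glen)) return DH_G_BAD;
    if (is_le_one(ys, yslen)) return DH_YS_BAD;
    return DH_OK;
}

/* Constructed samples (toy sizes): p=0,g=2,Ys=5 and p=23,g=5,Ys=8. */
const uint8_t sample_zero_p[] = {0,2,0,0, 0,1,2, 0,1,5};
const uint8_t sample_ok[]     = {0,1,23, 0,1,5, 0,1,8};
/* Exit status 0 means the well-formed sample passed the checks. */
int main(void) { return check_server_dh_params(sample_ok, sizeof sample_ok); }
```

These checks need no bignum library; minimum modulus size and primality checks are outside what this example covers.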

Affected Applications

OpenSSL

CVE References

CVE-2015-1794