1. CVE-Search
  2. CVE-2015-1182
ID CVE-2015-1182
Summary The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. <a href="http://cwe.mitre.org/data/definitions/824.html">CWE-824: Access of Uninitialized Pointer</a>
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:polarssl:polarssl:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:polarssl:polarssl:1.3.9:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
debian DSA-3136
fedora
  • FEDORA-2015-0991
  • FEDORA-2015-1045
gentoo GLSA-201801-15
secunia
  • 62270
  • 62610
suse openSUSE-SU-2015:0186
Last major update 30-10-2018 - 16:27
Published 27-01-2015 - 20:59
Last modified 30-10-2018 - 16:27
Back to Top