Lucene search

K
cve[email protected]CVE-2015-1182
HistoryJan 27, 2015 - 8:59 p.m.

CVE-2015-1182

2015-01-2720:59:00
NVD-CWE-Other
web.nvd.nist.gov
45
polarssl
asn1_get_sequence_of
vulnerability
cve-2015-1182
denial of service
code execution
nvd
certificate
security vulnerability

6.3 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.0%

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

6.3 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.0%