5 matches found
OpenSSL Elliptic Curve Binary Polynomial Field Resource Exhaustion (CVE-2015-1788)
A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to a missing validity check of Elliptic Curve parameters within BN_GF2m_mod_inv. A remote attacker can exploit this vulnerability by sending a crafted certificate to a vulnerable OpenSSL client or server...
OpenSSL BN_GF2m_mod_inv Function Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A security vulnerability exists in the 'BN_GF2m_mod_inv' function in the crypto/bn/bn_gf2m.c file of OpenSSL due to the program failing t...
DEBIAN-CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...
CVE-2015-1788
OpenSSL CVE-2015-1788 affects BN_GF2m_mod_inv in bn_gf2m.c and occurs when ECParameters specify a curve over a malformed binary polynomial field. This can allow a remote attacker to cause a denial-of-service (infinite loop) on a server or client that uses Elliptic Curve algorithms. The issue is f...
OpenSSL 1.0.0 < 1.0.0e Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.0e. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0e advisory. - The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 befo...