Rockwell Automation Stratix OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service (CVE-2015-0209)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or corrupt portions of OpenSSL process memory. This plugin only works with Tenable.ot. Pleas...

K16323: OpenSSL vulnerability CVE-2015-0209

Security Advisory Description Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service. The vulnerability exists in the d2iECPrivateKey function due to a use-after-free which allows an attacker to crash the application via a malformed Elliptic Curve private-key file...

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)

OpenSSL was updated to fix various security issues. Following security issues were fixed : - CVE-2015-0209: A Use After Free following d2iECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

OracleVM 3.3 : openssl (OVMSA-2015-0039)

The remote OracleVM system is missing necessary patches to address critical security updates : - update fix for CVE-2015-0287 to what was released upstream - fix CVE-2015-0209 - potential use after free in d2iECPrivateKey - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix...

openssl security update

1.0.1e-30.7 - update fix for CVE-2015-0287 to what was released upstream 1.0.1e-30.6 - fix CVE-2015-0209 - potential use after free in d2iECPrivateKey - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix...

CVE-2015-0209

Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...

Design/Logic Flaw

Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...

Vulnerability in OpenSSL - Use After Free following d2i_ECPrivatekey error

Use After Free following d2iECPrivatekey error. A malformed EC private key file consumed via the d2iECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions such as d2iPrivateKey or EVPPKCS82PKEY and could lead...