7.5

CVE-2015-1182

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version13.2
PolarsslPolarssl Version1.0.0
PolarsslPolarssl Version1.1.0
PolarsslPolarssl Version1.1.0 Updaterc0
PolarsslPolarssl Version1.1.0 Updaterc1
PolarsslPolarssl Version1.1.1
PolarsslPolarssl Version1.1.2
PolarsslPolarssl Version1.1.3
PolarsslPolarssl Version1.1.4
PolarsslPolarssl Version1.1.5
PolarsslPolarssl Version1.1.6
PolarsslPolarssl Version1.1.7
PolarsslPolarssl Version1.1.8
PolarsslPolarssl Version1.2.0
PolarsslPolarssl Version1.2.1
PolarsslPolarssl Version1.2.2
PolarsslPolarssl Version1.2.3
PolarsslPolarssl Version1.2.4
PolarsslPolarssl Version1.2.5
PolarsslPolarssl Version1.2.6
PolarsslPolarssl Version1.2.7
PolarsslPolarssl Version1.2.8
PolarsslPolarssl Version1.2.9
PolarsslPolarssl Version1.2.10
PolarsslPolarssl Version1.2.11
PolarsslPolarssl Version1.2.12
PolarsslPolarssl Version1.3.0
PolarsslPolarssl Version1.3.0 Updatealpha1
PolarsslPolarssl Version1.3.0 Updaterc0
PolarsslPolarssl Version1.3.1
PolarsslPolarssl Version1.3.2
PolarsslPolarssl Version1.3.3
PolarsslPolarssl Version1.3.4
PolarsslPolarssl Version1.3.5
PolarsslPolarssl Version1.3.6
PolarsslPolarssl Version1.3.7
PolarsslPolarssl Version1.3.8
PolarsslPolarssl Version1.3.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.7% 0.816
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P