Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2015-1792 | Mondoo Vulnerability Intelligence

CVE-2015-1792

UNKNOWN

The do_free_upto function in crypto/cms/cms_smime

Published Jun 12, 2015

Modified 1 years ago

No fix available

Details

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

References

WEBhttp://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 ADVISORYhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc WEBhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 ADVISORYhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html ADVISORYhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html ADVISORYhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html ADVISORYhttp://marc.info/?l=bugtraq&m=143654156615516&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=143880121627664&w=2 ADVISORYhttp://marc.info/?l=bugtraq&m=144050155601375&w=2 ADVISORYhttp://rhn.redhat.com/errata/RHSA-2015-1115.html ADVISORYhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl ADVISORYhttp://www.debian.org/security/2015/dsa-3287 WEBhttp://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015 WEBhttp://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015 WEBhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html WEBhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html WEBhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html WEBhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html WEBhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html WEBhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html WEBhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html WEBhttp://www.securityfocus.com/bid/75154 WEBhttp://www.securityfocus.com/bid/91787 WEBhttp://www.securitytracker.com/id/1032564 ADVISORYhttp://www.ubuntu.com/usn/USN-2639-1 WEBhttps://bto.bluecoat.com/security-advisory/sa98 WEBhttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf WEBhttps://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044 WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351 WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965 WEBhttps://kc.mcafee.com/corporate/index?page=content&id=SB10122 WEBhttps://openssl.org/news/secadv/20150611.txt ADVISORYhttps://security.gentoo.org/glsa/201506-02 WEBhttps://support.apple.com/kb/HT205031 WEBhttps://support.citrix.com/article/CTX216642 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2015-1792 WEBhttps://www.openssl.org/news/secadv_20150611.txt

CVSS Analysis

CVSS v2.0

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

PartialA:P

5/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ecosystems

Timeline

PublishedJun 12, 2015

ModifiedAug 6, 2024