Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

UBUNTU-CVE-2015-1792 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceUBUNTU-CVE-2015-1792

UBUNTU-CVE-2015-1792

MEDIUM5.5

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (i

Published Jun 11, 2015

Modified 6 months ago

Fix available

Details

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

Affected Packages

openssl

Ubuntu 14.04 LTS

Fixed in:

1.0.1f-1ubuntu2.15

References

https://ubuntu.com/security/CVE-2015-1792

https://ubuntu.com/security/notices/USN-2639-1

https://www.cve.org/CVERecord?id=CVE-2015-1792

https://www.openssl.org/news/secadv_20150611.txt

Upstream

Related

Ecosystems

Ubuntu 14.04 LTS

Timeline

PublishedJun 11, 2015

ModifiedSep 8, 2025