Severity: Unknown
Affected Package: openssl
Summary: OpenSSL multiple vulnerabilities (use-after-free, NULL deref, memory corruption)
Multiple OpenSSL vulnerabilities were fixed, including a use-after-free in d2i_ECPrivateKey, an invalid read crash in ASN1_TYPE_cmp, memory corruption via reused ASN.1 structures, a NULL pointer dereference in X509_to_X509_REQ, mishandled PKCS#7 parsing, and an assertion failure reachable via a crafted SSLv2 CLIENT-MASTER-KEY message. These allow denial of service and potentially memory corruption.
No specific recommendations provided.
Aliases: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
Published: March 19, 2015
Last Modified: March 19, 2015