CVE-2015-1182

Published: Jan 27, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.

Affected (38)

Products: Opensuse: Opensuse · Polarssl: Polarssl

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2

Configuration B

37 vulnerable

Vulnerable Software	Affected Versions
Polarssl Polarssl	Version 1.0.0
Polarssl Polarssl	Version 1.1.0
Polarssl Polarssl	Version 1.1.0 rc0
Polarssl Polarssl	Version 1.1.0 rc1
Polarssl Polarssl	Version 1.1.1
Polarssl Polarssl	Version 1.1.2
Polarssl Polarssl	Version 1.1.3
Polarssl Polarssl	Version 1.1.4
Polarssl Polarssl	Version 1.1.5
Polarssl Polarssl	Version 1.1.6
Polarssl Polarssl	Version 1.1.7
Polarssl Polarssl	Version 1.1.8
Polarssl Polarssl	Version 1.2.0
Polarssl Polarssl	Version 1.2.10
Polarssl Polarssl	Version 1.2.11
Polarssl Polarssl	Version 1.2.12
Polarssl Polarssl	Version 1.2.1
Polarssl Polarssl	Version 1.2.2
Polarssl Polarssl	Version 1.2.3
Polarssl Polarssl	Version 1.2.4
Polarssl Polarssl	Version 1.2.5
Polarssl Polarssl	Version 1.2.6
Polarssl Polarssl	Version 1.2.7
Polarssl Polarssl	Version 1.2.8
Polarssl Polarssl	Version 1.2.9
Polarssl Polarssl	Version 1.3.0
Polarssl Polarssl	Version 1.3.0 alpha1
Polarssl Polarssl	Version 1.3.0 rc0
Polarssl Polarssl	Version 1.3.1
Polarssl Polarssl	Version 1.3.2
Polarssl Polarssl	Version 1.3.3
Polarssl Polarssl	Version 1.3.4
Polarssl Polarssl	Version 1.3.5
Polarssl Polarssl	Version 1.3.6
Polarssl Polarssl	Version 1.3.7
Polarssl Polarssl	Version 1.3.8
Polarssl Polarssl	Version 1.3.9