CVE-2015-1788

Source
https://nvd.nist.gov/vuln/detail/CVE-2015-1788
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-1788.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2015-1788
Downstream
Related
Published
2015-06-12T19:59:01Z
Modified
2025-08-09T19:01:29Z
Summary
[none]
Details

The BNGF2mmodinv function in crypto/bn/bngf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

References

Affected packages