CVE-2015-1788

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	*	0.9.8zf (including)
Openssl	Openssl	1.0.0 (including)	1.0.0 (including)
Openssl	Openssl	1.0.0-beta1 (including)	1.0.0-beta1 (including)
Openssl	Openssl	1.0.0-beta2 (including)	1.0.0-beta2 (including)
Openssl	Openssl	1.0.0-beta3 (including)	1.0.0-beta3 (including)
Openssl	Openssl	1.0.0-beta4 (including)	1.0.0-beta4 (including)
Openssl	Openssl	1.0.0-beta5 (including)	1.0.0-beta5 (including)
Openssl	Openssl	1.0.0a (including)	1.0.0a (including)
Openssl	Openssl	1.0.0b (including)	1.0.0b (including)
Openssl	Openssl	1.0.0c (including)	1.0.0c (including)
Openssl	Openssl	1.0.0d (including)	1.0.0d (including)
Openssl	Openssl	1.0.0e (including)	1.0.0e (including)
Openssl	Openssl	1.0.0f (including)	1.0.0f (including)
Openssl	Openssl	1.0.0g (including)	1.0.0g (including)
Openssl	Openssl	1.0.0h (including)	1.0.0h (including)
Openssl	Openssl	1.0.0i (including)	1.0.0i (including)
Openssl	Openssl	1.0.0j (including)	1.0.0j (including)
Openssl	Openssl	1.0.0k (including)	1.0.0k (including)
Openssl	Openssl	1.0.0l (including)	1.0.0l (including)
Openssl	Openssl	1.0.0m (including)	1.0.0m (including)
Openssl	Openssl	1.0.0n (including)	1.0.0n (including)
Openssl	Openssl	1.0.0o (including)	1.0.0o (including)
Openssl	Openssl	1.0.0p (including)	1.0.0p (including)
Openssl	Openssl	1.0.0q (including)	1.0.0q (including)
Openssl	Openssl	1.0.0r (including)	1.0.0r (including)
Openssl	Openssl	1.0.1 (including)	1.0.1 (including)
Openssl	Openssl	1.0.1-beta1 (including)	1.0.1-beta1 (including)
Openssl	Openssl	1.0.1-beta2 (including)	1.0.1-beta2 (including)
Openssl	Openssl	1.0.1-beta3 (including)	1.0.1-beta3 (including)
Openssl	Openssl	1.0.1a (including)	1.0.1a (including)
Openssl	Openssl	1.0.1b (including)	1.0.1b (including)
Openssl	Openssl	1.0.1c (including)	1.0.1c (including)
Openssl	Openssl	1.0.1d (including)	1.0.1d (including)
Openssl	Openssl	1.0.1e (including)	1.0.1e (including)
Openssl	Openssl	1.0.1f (including)	1.0.1f (including)
Openssl	Openssl	1.0.1g (including)	1.0.1g (including)
Openssl	Openssl	1.0.1h (including)	1.0.1h (including)
Openssl	Openssl	1.0.1i (including)	1.0.1i (including)
Openssl	Openssl	1.0.1j (including)	1.0.1j (including)
Openssl	Openssl	1.0.1k (including)	1.0.1k (including)
Openssl	Openssl	1.0.1l (including)	1.0.1l (including)
Openssl	Openssl	1.0.1m (including)	1.0.1m (including)
Openssl	Openssl	1.0.2 (including)	1.0.2 (including)
Openssl	Openssl	1.0.2-beta1 (including)	1.0.2-beta1 (including)
Openssl	Openssl	1.0.2a (including)	1.0.2a (including)
Openssl	Ubuntu	artful	*
Openssl	Ubuntu	bionic	*
Openssl	Ubuntu	cosmic	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	disco	*
Openssl	Ubuntu	precise	*
Openssl	Ubuntu	trusty	*
Openssl	Ubuntu	utopic	*
Openssl	Ubuntu	vivid	*
Openssl	Ubuntu	vivid/stable-phone-overlay	*
Openssl	Ubuntu	vivid/ubuntu-core	*
Openssl	Ubuntu	wily	*
Openssl	Ubuntu	xenial	*
Openssl	Ubuntu	yakkety	*
Openssl	Ubuntu	zesty	*
Openssl098	Ubuntu	precise	*
Openssl098	Ubuntu	trusty	*
Openssl098	Ubuntu	utopic	*
Openssl098	Ubuntu	vivid	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1788
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References