CVE-2015-1794 | Vulnerability Database | Aqua Security

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	1.0.2 (including)	1.0.2 (including)
Openssl	Openssl	1.0.2a (including)	1.0.2a (including)
Openssl	Openssl	1.0.2b (including)	1.0.2b (including)
Openssl	Openssl	1.0.2c (including)	1.0.2c (including)
Openssl	Openssl	1.0.2d (including)	1.0.2d (including)
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	upstream	*
Openssl	Ubuntu	vivid/stable-phone-overlay	*
Openssl	Ubuntu	vivid/ubuntu-core	*
Openssl	Ubuntu	wily	*

References

http://fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759
http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://openssl.org/news/secadv/20151203.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securitytracker.com/id/1034294
http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583
http://www.ubuntu.com/usn/USN-2830-1
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ada57746b6b80beae73111fe1291bf8dd89af91c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1794
CWE	https://cwe.mitre.org/data/definitions/189.html