Your submission was sent successfully! Close

CVE-2015-0288

Published: 17 March 2015

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

Priority

Low

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.0.1f-1ubuntu11)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.0.1f-1ubuntu11)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.0.1f-1ubuntu2.11)
Patches:
Upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 (trunk)
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=51527f1e3564f210e984fe5b654c45d34e4f03d7 (1.0.1)
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=241cff623e2b0f7c435a3a80ae783c29d994f061 (0.9.8)
openssl098
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)