Your submission was sent successfully! Close

CVE-2015-2319

Published: 18 March 2015

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
mono
Launchpad, Ubuntu, Debian
Upstream
Released (3.2.8+dfsg-10,2.6.7-5.1+deb6u1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.2.8+dfsg-4ubuntu1.1)
Patches:
Upstream: https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10
Upstream: https://gist.github.com/directhex/728af6f96d1b8c976659 (prior to 3.x)