OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVEID: CVE-2015-1788**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM Tivoli Directory Server 6.3
IBM Security Directory Server 6.3.1, 6.4
Apply GSKit 8.0.50.44 or later from the following fix directories.
Affected products and Versions | Fix Availabilitiy |
---|---|
IBM Tivoli Directory Server 6.3 | IBM Tivoli Directory Server 6.3.0.37 |
IBM Security Directory Server 6.3.1 | IBM Security Directory Server 6.3.1.11 |
IBM Security Directory Server 6.4 | IBM Security Directory Server 6.4.0.2 |
CPE | Name | Operator | Version |
---|---|---|---|
ibm security directory server | eq | 6.3 | |
ibm security directory server | eq | 6.3.1 | |
ibm security directory server | eq | 6.4 |