CVE-2015-1787 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-1787 Interim 1 10 2024-07-03T02:27:57Z current 2021-05-30T13:27:56Z 2024-07-03T02:27:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-1787 The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/kb/doc/?id=7016336 E-Mail link for TID7016336 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP3 libopenssl-devel libopenssl0_9_8 libopenssl0_9_8-32bit libopenssl0_9_8-hmac libopenssl0_9_8-hmac-32bit libopenssl0_9_8-hmac-x86 libopenssl0_9_8-x86 openssl openssl-doc libopenssl0_9_8 as a component of SUSE Linux Enterprise Desktop 11 SP2 libopenssl0_9_8-32bit as a component of SUSE Linux Enterprise Desktop 11 SP2 openssl as a component of SUSE Linux Enterprise Desktop 11 SP2 libopenssl0_9_8 as a component of SUSE Linux Enterprise Desktop 11 SP3 libopenssl0_9_8-32bit as a component of SUSE Linux Enterprise Desktop 11 SP3 openssl as a component of SUSE Linux Enterprise Desktop 11 SP3 openssl as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata libopenssl0_9_8 as a component of SUSE Linux Enterprise Server 11 SP2 libopenssl0_9_8-32bit as a component of SUSE Linux Enterprise Server 11 SP2 libopenssl0_9_8-hmac as a component of SUSE Linux Enterprise Server 11 SP2 libopenssl0_9_8-hmac-32bit as a component of SUSE Linux Enterprise Server 11 SP2 libopenssl0_9_8-hmac-x86 as a component of SUSE Linux Enterprise Server 11 SP2 libopenssl0_9_8-x86 as a component of SUSE Linux Enterprise Server 11 SP2 openssl as a component of SUSE Linux Enterprise Server 11 SP2 openssl-doc as a component of SUSE Linux Enterprise Server 11 SP2 openssl as a component of SUSE Linux Enterprise Server 11 SP2 LTSS libopenssl0_9_8 as a component of SUSE Linux Enterprise Server 11 SP3 libopenssl0_9_8-32bit as a component of SUSE Linux Enterprise Server 11 SP3 libopenssl0_9_8-hmac as a component of SUSE Linux Enterprise Server 11 SP3 libopenssl0_9_8-hmac-32bit as a component of SUSE Linux Enterprise Server 11 SP3 libopenssl0_9_8-x86 as a component of SUSE Linux Enterprise Server 11 SP3 openssl as a component of SUSE Linux Enterprise Server 11 SP3 openssl-doc as a component of SUSE Linux Enterprise Server 11 SP3 libopenssl-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 openssl as a component of SUSE Linux Enterprise Software Development Kit 11 SP2 libopenssl-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 openssl as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. CVE-2015-1787 SUSE Linux Enterprise Desktop 11 SP2:libopenssl0_9_8 SUSE Linux Enterprise Desktop 11 SP2:libopenssl0_9_8-32bit SUSE Linux Enterprise Desktop 11 SP2:openssl SUSE Linux Enterprise Desktop 11 SP3:libopenssl0_9_8 SUSE Linux Enterprise Desktop 11 SP3:libopenssl0_9_8-32bit SUSE Linux Enterprise Desktop 11 SP3:openssl SUSE Linux Enterprise Server 11 SP1 for Teradata:openssl SUSE Linux Enterprise Server 11 SP2 LTSS:openssl SUSE Linux Enterprise Server 11 SP2:libopenssl0_9_8 SUSE Linux Enterprise Server 11 SP2:libopenssl0_9_8-32bit SUSE Linux Enterprise Server 11 SP2:libopenssl0_9_8-hmac SUSE Linux Enterprise Server 11 SP2:libopenssl0_9_8-hmac-32bit SUSE Linux Enterprise Server 11 SP2:libopenssl0_9_8-hmac-x86 SUSE Linux Enterprise Server 11 SP2:libopenssl0_9_8-x86 SUSE Linux Enterprise Server 11 SP2:openssl SUSE Linux Enterprise Server 11 SP2:openssl-doc SUSE Linux Enterprise Server 11 SP3:libopenssl0_9_8 SUSE Linux Enterprise Server 11 SP3:libopenssl0_9_8-32bit SUSE Linux Enterprise Server 11 SP3:libopenssl0_9_8-hmac SUSE Linux Enterprise Server 11 SP3:libopenssl0_9_8-hmac-32bit SUSE Linux Enterprise Server 11 SP3:libopenssl0_9_8-x86 SUSE Linux Enterprise Server 11 SP3:openssl SUSE Linux Enterprise Server 11 SP3:openssl-doc SUSE Linux Enterprise Software Development Kit 11 SP2:libopenssl-devel SUSE Linux Enterprise Software Development Kit 11 SP2:openssl SUSE Linux Enterprise Software Development Kit 11 SP3:libopenssl-devel SUSE Linux Enterprise Software Development Kit 11 SP3:openssl low 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P