Unrated severityNVD Advisory· Published Jan 27, 2015· Updated May 6, 2026
CVE-2015-1182
CVE-2015-1182
Description
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
Affected products
38cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.debian.org/security/2015/dsa-3136nvdVendor Advisory
- polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-02/msg00003.htmlnvd
- secunia.com/advisories/62270nvd
- secunia.com/advisories/62610nvd
- security.gentoo.org/glsa/201801-15nvd
News mentions
0No linked articles in our index yet.