Unrated severityNVD Advisory· Published Jan 27, 2015· Updated Jun 17, 2026
CVE-2015-1182
CVE-2015-1182
Description
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
42cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*+ 37 more
- cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:polarssl:polarssl:1.3.9:*:*:*:*:*:*:*
- (no CPE)range: >=1.0 <=1.2.12, >=1.3 <=1.3.9
- osv-coords3 versionspkg:rpm/opensuse/mbedtls-2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mbedtls-3&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mbedtls&distro=openSUSE%20Tumbleweed
< 2.28.3-1.1+ 2 more
- (no CPE)range: < 2.28.3-1.1
- (no CPE)range: < 3.6.6-1.1
- (no CPE)range: < 2.4.0-1.2
Patches
Vulnerability mechanics
References
8- www.debian.org/security/2015/dsa-3136nvdVendor Advisory
- polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148829.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148903.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-02/msg00003.htmlnvd
- secunia.com/advisories/62270nvd
- secunia.com/advisories/62610nvd
- security.gentoo.org/glsa/201801-15nvd
News mentions
0No linked articles in our index yet.