virus logo FortiClient Vulnerability

OpenSSL CVE-2015-1787 Input Validation Bypass Vulnerability

description-logoDescription

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2015-1787

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 73663
Created Nov 03, 2022
Description
Updated		 Dec 18, 2023
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor OpenSSL
Patch manual
Application OpenSSL