CVE-2015-1793

Priority
Medium
Description
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n,
1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic
Constraints cA values during identification of alternative certificate
chains, which allows remote attackers to spoof a Certification Authority
role and trigger unintended certificate verifications via a valid leaf
certificate.
References
Notes
 mdeslaur> introduced by the following commit in 1.0.2b and 1.0.1n:
 mdeslaur> https://git.openssl.org/?p=openssl.git;a=commit;h=6281abc79623419eae6a64768c478272d5d3a426
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.0.1f-1ubuntu2.15)
More Information

Updated: 2017-08-11 23:53:06 UTC (commit 13081)