{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"OpenSSL Vulnerabilities"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2016-0028","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-07-15T09:57:42.173Z","generator":{"date":"2026-07-15T09:57:42.173Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"PAN-SA-2016-0028","initial_release_date":"2016-10-18T18:30:00.000Z","revision_history":[{"number":"1","date":"2026-07-15T02:57:42.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS<=5.0.19","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-440"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=5.0.20","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-441"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=5.1.12","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-442"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=5.1.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-443"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=6.0.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-460"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=6.0.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-444"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=6.1.12","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-452"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=6.1.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-453"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=7.0.7","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-454"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=7.0.8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-455"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2015-4000","product_status":{"fixed":["PANW-PAN-OS-441","PANW-PAN-OS-443","PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-455"],"known_affected":["PANW-PAN-OS-440","PANW-PAN-OS-442","PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-454"]},"notes":[{"category":"description","text":"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."}],"references":[{"category":"external","summary":"NVD - CVE-2015-4000","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4000"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0028","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"threats":[{"category":"impact","description":"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."}]},{"cve":"CVE-2015-1788","product_status":{"fixed":["PANW-PAN-OS-441","PANW-PAN-OS-443","PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-455"],"known_affected":["PANW-PAN-OS-440","PANW-PAN-OS-442","PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-454"]},"notes":[{"category":"description","text":"The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1788","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1788"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0028","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"threats":[{"category":"impact","description":"The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication."}]},{"cve":"CVE-2015-1789","product_status":{"fixed":["PANW-PAN-OS-441","PANW-PAN-OS-443","PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-455"],"known_affected":["PANW-PAN-OS-440","PANW-PAN-OS-442","PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-454"]},"notes":[{"category":"description","text":"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1789","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1789"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0028","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"threats":[{"category":"impact","description":"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback."}]},{"cve":"CVE-2015-1790","product_status":{"fixed":["PANW-PAN-OS-441","PANW-PAN-OS-443","PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-455"],"known_affected":["PANW-PAN-OS-440","PANW-PAN-OS-442","PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-454"]},"notes":[{"category":"description","text":"The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1790","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1790"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0028","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"threats":[{"category":"impact","description":"The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data."}]},{"cve":"CVE-2015-1792","product_status":{"fixed":["PANW-PAN-OS-441","PANW-PAN-OS-443","PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-455"],"known_affected":["PANW-PAN-OS-440","PANW-PAN-OS-442","PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-454"]},"notes":[{"category":"description","text":"The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1792","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1792"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0028","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"threats":[{"category":"impact","description":"The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function."}]},{"cve":"CVE-2015-1791","product_status":{"fixed":["PANW-PAN-OS-441","PANW-PAN-OS-443","PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-455"],"known_affected":["PANW-PAN-OS-440","PANW-PAN-OS-442","PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-454"]},"notes":[{"category":"description","text":"Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1791","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1791"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0028","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"threats":[{"category":"impact","description":"Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier."}]},{"cve":"CVE-2014-8176","product_status":{"fixed":["PANW-PAN-OS-441","PANW-PAN-OS-443","PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-455"],"known_affected":["PANW-PAN-OS-440","PANW-PAN-OS-442","PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-454"]},"notes":[{"category":"description","text":"The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."}],"references":[{"category":"external","summary":"NVD - CVE-2014-8176","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8176"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0028","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0028"}],"threats":[{"category":"impact","description":"The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."}]}]}