Problem

CVE-2015-0287 is a vulnerability in OpenSSL:

-----------

Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.

Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

Is Gateway vulnerable to this attack?

Resolution

Gateway 6.14.1 and 6.15.0 use OpenSSL 0.9.8e. However, they do not use the ASN.1 encoding/decoding functions, and therefore are not vulnerable.