The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
History
07 Nov 2023, 02:25
Type | Values Removed | Values Added |
---|---|---|
References | | |
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
19 Jan 2021, 17:27
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html - Third Party Advisory | |
References | (CONFIRM) http://fortiguard.com/advisory/openssl-advisory-december-2015 - Broken Link | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html - Third Party Advisory | |
References | (CONFIRM) http://www.fortiguard.com/advisory/openssl-advisory-december-2015 - Broken Link | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2056.html - Broken Link | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html - Third Party Advisory | |
References | (CONFIRM) https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d - Patch, Vendor Advisory | |
Information
Published : 2015-12-06 20:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3195
Mitre link : CVE-2015-3195
CVE.ORG link : CVE-2015-3195
Products Affected
openssl
- openssl
debian
- debian_linux
oracle
- api_gateway
- http_server
- vm_virtualbox
- integrated_lights_out_manager_firmware
- communications_webrtc_session_controller
- sun_ray_software
- transportation_management
- solaris
- linux
- life_sciences_data_hub
- vm_server
- exalogic_infrastructure
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
suse
- linux_enterprise_server
apple
- mac_os_x
fedoraproject
- fedora
opensuse
- leap
- opensuse
canonical
- ubuntu_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor