[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-3195

Date: (C)2015-12-15   (M)2017-10-26
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Reference:
SECTRACK-1034294
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
BID-78626
BID-91787
APPLE-SA-2016-03-21-5
DSA-3413
FEDORA-2015-d87d60b9a9
HPSBGN03536
RHSA-2015:2616
RHSA-2015:2617
SSA:2015-349-04
SUSE-SU-2016:0678
USN-2830-1
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://openssl.org/news/secadv/20151203.txt
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
https://support.apple.com/HT206167
openSUSE-SU-2015:2288
openSUSE-SU-2015:2289
openSUSE-SU-2015:2318
openSUSE-SU-2015:2349
openSUSE-SU-2016:0637
openSUSE-SU-2016:0640

CPE    45
cpe:/a:oracle:vm_virtualbox:5.0.14
cpe:/a:oracle:vm_virtualbox:4.3.36
cpe:/a:openssl:openssl:1.0.2
cpe:/a:openssl:openssl:1.0.2b
...
CWE    1
CWE-200
OVAL    18
oval:org.secpod.oval:def:602296
oval:org.secpod.oval:def:501726
oval:org.secpod.oval:def:109800
oval:org.secpod.oval:def:33380
...

© 2013 SecPod Technologies