Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Published

2015-12-06T20:59:05.973

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	mac_os_x	< 10.11.4	Yes
Application	oracle	api_gateway	11.1.2.3.0	Yes
Application	oracle	api_gateway	11.1.2.4.0	Yes
Application	oracle	communications_webrtc_session_controller	7.0	Yes
Application	oracle	communications_webrtc_session_controller	7.1	Yes
Application	oracle	communications_webrtc_session_controller	7.2	Yes
Application	oracle	exalogic_infrastructure	1.0	Yes
Application	oracle	exalogic_infrastructure	2.0	Yes
Application	oracle	http_server	11.5.10.2	Yes
Application	oracle	life_sciences_data_hub	2.1	Yes
Application	oracle	sun_ray_software	11.1	Yes
Application	oracle	transportation_management	6.1	Yes
Application	oracle	transportation_management	6.2	Yes
Application	oracle	vm_server	3.2	Yes
Application	oracle	vm_virtualbox	< 4.3.36	Yes
Application	oracle	vm_virtualbox	< 5.0.14	Yes
Operating System	oracle	integrated_lights_out_manager_firmware	≤ 4.0.4	Yes
Operating System	oracle	linux	5	Yes
Operating System	oracle	linux	6	Yes
Operating System	oracle	linux	7	Yes
Operating System	oracle	solaris	10	Yes
Operating System	oracle	solaris	11.3	Yes
Application	openssl	openssl	< 0.9.8zh	Yes
Application	openssl	openssl	< 1.0.0t	Yes
Application	openssl	openssl	< 1.0.1q	Yes
Application	openssl	openssl	< 1.0.2e	Yes
Operating System	redhat	enterprise_linux_desktop	5.0	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_server	5.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.2	Yes
Operating System	redhat	enterprise_linux_server_aus	7.3	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_aus	7.7	Yes
Operating System	redhat	enterprise_linux_server_tus	7.2	Yes
Operating System	redhat	enterprise_linux_server_tus	7.3	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.7	Yes
Operating System	redhat	enterprise_linux_workstation	5.0	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	15.04	Yes
Operating System	canonical	ubuntu_linux	15.10	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	opensuse	leap	42.1	Yes
Operating System	opensuse	opensuse	11.4	Yes
Operating System	opensuse	opensuse	13.1	Yes
Operating System	opensuse	opensuse	13.2	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	fedoraproject	fedora	22	Yes

References

http://fortiguard.com/advisory/openssl-advisory-december-2015 Broken Link ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 Third Party Advisory ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=145382583417444&w=2 Mailing List, Third Party Advisory ([email protected])
http://openssl.org/news/secadv/20151203.txt Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2616.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2617.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-2056.html Broken Link ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-2957.html Third Party Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl Third Party Advisory ([email protected])
http://www.debian.org/security/2015/dsa-3413 Third Party Advisory ([email protected])
http://www.fortiguard.com/advisory/openssl-advisory-december-2015 Broken Link ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/78626 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/91787 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1034294 Third Party Advisory, VDB Entry ([email protected])
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-2830-1 Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf ([email protected])
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 Third Party Advisory ([email protected])
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 Third Party Advisory ([email protected])
https://support.apple.com/HT206167 Third Party Advisory ([email protected])
http://fortiguard.com/advisory/openssl-advisory-december-2015 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=145382583417444&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openssl.org/news/secadv/20151203.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2616.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2617.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2056.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2957.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3413 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.fortiguard.com/advisory/openssl-advisory-december-2015 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/78626 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91787 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034294 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2830-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT206167 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)