CVE-2015-3195

Published: 06/12/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, and 1.0.2 prior to 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote malicious users to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Vulnerable Product

apple mac os x

oracle sun ray software 11.1

oracle transportation management 6.1

oracle life sciences data hub 2.1

oracle transportation management 6.2

oracle api gateway 11.1.2.3.0

oracle exalogic infrastructure 1.0

oracle solaris 11.3

oracle api gateway 11.1.2.4.0

oracle exalogic infrastructure 2.0

oracle solaris 10

oracle communications webrtc session controller 7.0

oracle communications webrtc session controller 7.2

oracle communications webrtc session controller 7.1

oracle vm virtualbox

oracle linux 5

oracle vm server 3.2

oracle linux 6

oracle linux 7

oracle http server 11.5.10.2

oracle integrated lights out manager firmware

openssl openssl

redhat enterprise linux desktop 7.0

redhat enterprise linux server 5.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux workstation 5.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux desktop 5.0

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

canonical ubuntu linux 15.10

canonical ubuntu linux 15.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

debian debian linux 8.0

debian debian linux 7.0

opensuse opensuse 11.4

suse linux enterprise server 10

opensuse leap 42.1

opensuse opensuse 13.1

opensuse opensuse 13.2

fedoraproject fedora 22

Vendor Advisories

Several security issues were fixed in OpenSSL ...
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an A ...
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scor ...
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring Sys ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP 2423 Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services httpd 2423 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this release as ...
A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication (CVE-2015-3194). A memory leak vulnerability was found in the way OpenSSL parsed PK ...
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash ...
On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This advisory will be updated as addi ...
SecurityCenter and the Tenable Appliance are potentially impacted by vulnerabilities in OpenSSL that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of the issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time. CVE-2015-3194 - crypto/rsa/rsa_amethc in Ope ...

Exploits

Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

References

CWE-200
http://openssl.org/news/secadv/20151203.txt
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://support.apple.com/HT206167
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://marc.info/?l=bugtraq&m=145382583417444&w=2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securitytracker.com/id/1034294
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
http://www.ubuntu.com/usn/USN-2830-1
http://rhn.redhat.com/errata/RHSA-2015-2616.html
http://rhn.redhat.com/errata/RHSA-2015-2617.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
http://www.debian.org/security/2015/dsa-3413
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://www.securityfocus.com/bid/78626
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
https://nvd.nist.gov
https://usn.ubuntu.com/2830-1/
https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21