CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Published: 2015-12-06 20:59
Updated: 2019-06-14 14:44

CVSS Score: 5.0 / 10
Vendor Product Version URI
Apple Mac Os X 10.11.3 cpe:/o:apple:mac_os_x:10.11.3
Oracle Api Gateway 11.1.2.3.0 cpe:/a:oracle:api_gateway:11.1.2.3.0
Oracle Life Sciences Data Hub 2.1 cpe:/a:oracle:life_sciences_data_hub:2.1
Oracle Exalogic Infrastructure 1.0 cpe:/a:oracle:exalogic_infrastructure:1.0
Oracle Vm Virtualbox 4.3.36 cpe:/a:oracle:vm_virtualbox:4.3.36
Openssl Openssl 1.0.0a cpe:/a:openssl:openssl:1.0.0a
Openssl Openssl 1.0.0b cpe:/a:openssl:openssl:1.0.0b
Openssl Openssl 1.0.0c cpe:/a:openssl:openssl:1.0.0c
Openssl Openssl 1.0.0l cpe:/a:openssl:openssl:1.0.0l
Openssl Openssl 1.0.0m cpe:/a:openssl:openssl:1.0.0m
Openssl Openssl 1.0.0n cpe:/a:openssl:openssl:1.0.0n
Openssl Openssl 1.0.0o cpe:/a:openssl:openssl:1.0.0o
Openssl Openssl 1.0.0p cpe:/a:openssl:openssl:1.0.0p
Openssl Openssl 1.0.0q cpe:/a:openssl:openssl:1.0.0q
Openssl Openssl 1.0.0r cpe:/a:openssl:openssl:1.0.0r
Openssl Openssl 1.0.0s cpe:/a:openssl:openssl:1.0.0s
Openssl Openssl 1.0.0d cpe:/a:openssl:openssl:1.0.0d
Openssl Openssl 1.0.0e cpe:/a:openssl:openssl:1.0.0e
Openssl Openssl 1.0.0f cpe:/a:openssl:openssl:1.0.0f
Openssl Openssl 1.0.0g cpe:/a:openssl:openssl:1.0.0g
Openssl Openssl 1.0.0h cpe:/a:openssl:openssl:1.0.0h
Openssl Openssl 1.0.0i cpe:/a:openssl:openssl:1.0.0i
Openssl Openssl 1.0.0j cpe:/a:openssl:openssl:1.0.0j
Openssl Openssl 1.0.0k cpe:/a:openssl:openssl:1.0.0k
Oracle Api Gateway 11.1.2.4.0 cpe:/a:oracle:api_gateway:11.1.2.4.0
Oracle Exalogic Infrastructure 2.0 cpe:/a:oracle:exalogic_infrastructure:2.0
Openssl Openssl 0.9.8zg cpe:/a:openssl:openssl:0.9.8zg
Openssl Openssl 1.0.1a cpe:/a:openssl:openssl:1.0.1a
Openssl Openssl 1.0.1b cpe:/a:openssl:openssl:1.0.1b
Openssl Openssl 1.0.1c cpe:/a:openssl:openssl:1.0.1c
Openssl Openssl 1.0.1d cpe:/a:openssl:openssl:1.0.1d
Openssl Openssl 1.0.1m cpe:/a:openssl:openssl:1.0.1m
Openssl Openssl 1.0.1n cpe:/a:openssl:openssl:1.0.1n
Openssl Openssl 1.0.1o cpe:/a:openssl:openssl:1.0.1o
Openssl Openssl 1.0.1p cpe:/a:openssl:openssl:1.0.1p
Oracle Sun Ray Software 11.1 cpe:/a:oracle:sun_ray_software:11.1
Openssl Openssl 1.0.1e cpe:/a:openssl:openssl:1.0.1e
Openssl Openssl 1.0.1f cpe:/a:openssl:openssl:1.0.1f
Openssl Openssl 1.0.1g cpe:/a:openssl:openssl:1.0.1g
Openssl Openssl 1.0.1h cpe:/a:openssl:openssl:1.0.1h
Openssl Openssl 1.0.1i cpe:/a:openssl:openssl:1.0.1i
Openssl Openssl 1.0.1j cpe:/a:openssl:openssl:1.0.1j
Openssl Openssl 1.0.1k cpe:/a:openssl:openssl:1.0.1k
Openssl Openssl 1.0.1l cpe:/a:openssl:openssl:1.0.1l
Openssl Openssl 1.0.2a cpe:/a:openssl:openssl:1.0.2a
Openssl Openssl 1.0.2 cpe:/a:openssl:openssl:1.0.2
Openssl Openssl 1.0.2b cpe:/a:openssl:openssl:1.0.2b
Openssl Openssl 1.0.2c cpe:/a:openssl:openssl:1.0.2c
Openssl Openssl 1.0.2d cpe:/a:openssl:openssl:1.0.2d
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0
Oracle Transportation Management 6.1 cpe:/a:oracle:transportation_management:6.1
Oracle Transportation Management 6.2 cpe:/a:oracle:transportation_management:6.2
Oracle Vm Virtualbox 4.3.0 cpe:/a:oracle:vm_virtualbox:4.3.0
Oracle Vm Virtualbox 4.3.2 cpe:/a:oracle:vm_virtualbox:4.3.2
Oracle Vm Virtualbox 4.3.4 cpe:/a:oracle:vm_virtualbox:4.3.4
Oracle Vm Virtualbox 4.3.6 cpe:/a:oracle:vm_virtualbox:4.3.6
Oracle Vm Virtualbox 4.3.8 cpe:/a:oracle:vm_virtualbox:4.3.8
Oracle Vm Virtualbox 4.3.10 cpe:/a:oracle:vm_virtualbox:4.3.10
Oracle Vm Virtualbox 4.3.12 cpe:/a:oracle:vm_virtualbox:4.3.12
Oracle Vm Virtualbox 4.3.14 cpe:/a:oracle:vm_virtualbox:4.3.14
Oracle Vm Virtualbox 4.3.16 cpe:/a:oracle:vm_virtualbox:4.3.16
Oracle Vm Virtualbox 4.3.18 cpe:/a:oracle:vm_virtualbox:4.3.18
Oracle Vm Virtualbox 4.3.22 cpe:/a:oracle:vm_virtualbox:4.3.22
Oracle Vm Virtualbox 4.3.24 cpe:/a:oracle:vm_virtualbox:4.3.24
Oracle Vm Virtualbox 4.3.26 cpe:/a:oracle:vm_virtualbox:4.3.26
Oracle Vm Virtualbox 4.3.28 cpe:/a:oracle:vm_virtualbox:4.3.28
Oracle Vm Virtualbox 4.3.29 cpe:/a:oracle:vm_virtualbox:4.3.29
Oracle Vm Virtualbox 4.3.30 cpe:/a:oracle:vm_virtualbox:4.3.30
Oracle Vm Virtualbox 4.3.32 cpe:/a:oracle:vm_virtualbox:4.3.32
Oracle Vm Virtualbox 4.3.34 cpe:/a:oracle:vm_virtualbox:4.3.34
Oracle Vm Virtualbox 4.3.35 cpe:/a:oracle:vm_virtualbox:4.3.35
Canonical Ubuntu Linux 12.04 cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 15.04 cpe:/o:canonical:ubuntu_linux:15.04
Canonical Ubuntu Linux 15.10 cpe:/o:canonical:ubuntu_linux:15.10
Debian Debian Linux 7.0 cpe:/o:debian:debian_linux:7.0
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Redhat Enterprise Linux Desktop 5.0 cpe:/o:redhat:enterprise_linux_desktop:5.0
Redhat Enterprise Linux Desktop 6.0 cpe:/o:redhat:enterprise_linux_desktop:6.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 5.0 cpe:/o:redhat:enterprise_linux_server:5.0
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 7.2 cpe:/o:redhat:enterprise_linux_server_aus:7.2
Redhat Enterprise Linux Server Aus 7.3 cpe:/o:redhat:enterprise_linux_server_aus:7.3
Redhat Enterprise Linux Server Aus 7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.4
Redhat Enterprise Linux Server Eus 6.7 cpe:/o:redhat:enterprise_linux_server_eus:6.7
Redhat Enterprise Linux Server Eus 7.2 cpe:/o:redhat:enterprise_linux_server_eus:7.2
Redhat Enterprise Linux Server Eus 7.3 cpe:/o:redhat:enterprise_linux_server_eus:7.3
Redhat Enterprise Linux Server Eus 7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.4
Redhat Enterprise Linux Server Eus 7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.5
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.2 cpe:/o:redhat:enterprise_linux_server_tus:7.2
Redhat Enterprise Linux Server Tus 7.3 cpe:/o:redhat:enterprise_linux_server_tus:7.3
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 5.0 cpe:/o:redhat:enterprise_linux_workstation:5.0
Redhat Enterprise Linux Workstation 6.0 cpe:/o:redhat:enterprise_linux_workstation:6.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0

CWE

ID: CWE-200
Name: Information Exposure
Description: An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

References

Source Link
CONFIRM http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
CONFIRM http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
CONFIRM http://fortiguard.com/advisory/openssl-advisory-december-2015
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
CONFIRM http://openssl.org/news/secadv/20151203.txt
APPLE http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
CONFIRM http://www.fortiguard.com/advisory/openssl-advisory-december-2015
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
BID http://www.securityfocus.com/bid/78626
REDHAT http://rhn.redhat.com/errata/RHSA-2015-2616.html
SLACKWARE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
SUSE http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
CONFIRM https://support.apple.com/HT206167
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
SUSE http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
SUSE http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
CONFIRM https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
UBUNTU http://www.ubuntu.com/usn/USN-2830-1
SUSE http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
HP http://marc.info/?l=bugtraq&m=145382583417444&w=2
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
DEBIAN http://www.debian.org/security/2015/dsa-3413
CONFIRM https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
BID http://www.securityfocus.com/bid/91787
REDHAT http://rhn.redhat.com/errata/RHSA-2015-2617.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
SECTRACK http://www.securitytracker.com/id/1034294
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2056.html
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2957.html
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

History of changes

Date Event
2019-06-14 14:44
2018-01-18 18:18
2018-01-05 02:30
2017-10-20 01:29
2017-09-14 05:28
2017-08-09 05:25
2015-12-06 20:59 New CVE