CVE-2015-3196

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

Published: 2015-12-06 20:59
Updated: 2019-06-13 18:15

CVSS Score: 4.3 / 10
Vendor Product Version URI
Oracle Vm Virtualbox 4.3.0 cpe:/a:oracle:vm_virtualbox:4.3.0
Oracle Vm Virtualbox 4.3.2 cpe:/a:oracle:vm_virtualbox:4.3.2
Oracle Vm Virtualbox 4.3.4 cpe:/a:oracle:vm_virtualbox:4.3.4
Oracle Vm Virtualbox 4.3.6 cpe:/a:oracle:vm_virtualbox:4.3.6
Oracle Vm Virtualbox 4.3.8 cpe:/a:oracle:vm_virtualbox:4.3.8
Oracle Vm Virtualbox 4.3.10 cpe:/a:oracle:vm_virtualbox:4.3.10
Oracle Vm Virtualbox 4.3.12 cpe:/a:oracle:vm_virtualbox:4.3.12
Oracle Vm Virtualbox 4.3.14 cpe:/a:oracle:vm_virtualbox:4.3.14
Oracle Vm Virtualbox 4.3.16 cpe:/a:oracle:vm_virtualbox:4.3.16
Oracle Vm Virtualbox 4.3.18 cpe:/a:oracle:vm_virtualbox:4.3.18
Oracle Vm Virtualbox 4.3.22 cpe:/a:oracle:vm_virtualbox:4.3.22
Oracle Vm Virtualbox 4.3.24 cpe:/a:oracle:vm_virtualbox:4.3.24
Oracle Vm Virtualbox 4.3.26 cpe:/a:oracle:vm_virtualbox:4.3.26
Oracle Vm Virtualbox 4.3.28 cpe:/a:oracle:vm_virtualbox:4.3.28
Oracle Vm Virtualbox 4.3.29 cpe:/a:oracle:vm_virtualbox:4.3.29
Oracle Vm Virtualbox 4.3.30 cpe:/a:oracle:vm_virtualbox:4.3.30
Oracle Vm Virtualbox 4.3.32 cpe:/a:oracle:vm_virtualbox:4.3.32
Oracle Vm Virtualbox 4.3.34 cpe:/a:oracle:vm_virtualbox:4.3.34
Oracle Vm Virtualbox 5.0.0 cpe:/a:oracle:vm_virtualbox:5.0.0
Oracle Vm Virtualbox 5.0.2 cpe:/a:oracle:vm_virtualbox:5.0.2
Oracle Vm Virtualbox 5.0.4 cpe:/a:oracle:vm_virtualbox:5.0.4
Oracle Vm Virtualbox 5.0.6 cpe:/a:oracle:vm_virtualbox:5.0.6
Oracle Vm Virtualbox 5.0.8 cpe:/a:oracle:vm_virtualbox:5.0.8
Oracle Vm Virtualbox 5.0.10 cpe:/a:oracle:vm_virtualbox:5.0.10
Oracle Vm Virtualbox 5.0.12 cpe:/a:oracle:vm_virtualbox:5.0.12
Canonical Ubuntu Linux 12.04 cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 15.04 cpe:/o:canonical:ubuntu_linux:15.04
Canonical Ubuntu Linux 15.10 cpe:/o:canonical:ubuntu_linux:15.10
Debian Debian Linux 7.0 cpe:/o:debian:debian_linux:7.0
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Fedoraproject Fedora 22 cpe:/o:fedoraproject:fedora:22
Redhat Enterprise Linux Desktop 6.0 cpe:/o:redhat:enterprise_linux_desktop:6.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 7.2 cpe:/o:redhat:enterprise_linux_server_aus:7.2
Redhat Enterprise Linux Server Aus 7.3 cpe:/o:redhat:enterprise_linux_server_aus:7.3
Redhat Enterprise Linux Server Aus 7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.4
Redhat Enterprise Linux Server Eus 6.7 cpe:/o:redhat:enterprise_linux_server_eus:6.7
Redhat Enterprise Linux Server Eus 7.2 cpe:/o:redhat:enterprise_linux_server_eus:7.2
Redhat Enterprise Linux Server Eus 7.3 cpe:/o:redhat:enterprise_linux_server_eus:7.3
Redhat Enterprise Linux Server Eus 7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.4
Redhat Enterprise Linux Server Eus 7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.5
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.2 cpe:/o:redhat:enterprise_linux_server_tus:7.2
Redhat Enterprise Linux Server Tus 7.3 cpe:/o:redhat:enterprise_linux_server_tus:7.3
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 6.0 cpe:/o:redhat:enterprise_linux_workstation:6.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Hp Icewall Sso Agent Option 10.0 cpe:/a:hp:icewall_sso_agent_option:10.0
Openssl Openssl 1.0.0l cpe:/a:openssl:openssl:1.0.0l
Openssl Openssl 1.0.0m cpe:/a:openssl:openssl:1.0.0m
Openssl Openssl 1.0.0n cpe:/a:openssl:openssl:1.0.0n
Openssl Openssl 1.0.0o cpe:/a:openssl:openssl:1.0.0o
Openssl Openssl 1.0.0p cpe:/a:openssl:openssl:1.0.0p
Openssl Openssl 1.0.0q cpe:/a:openssl:openssl:1.0.0q
Openssl Openssl 1.0.0r cpe:/a:openssl:openssl:1.0.0r
Openssl Openssl 1.0.0s cpe:/a:openssl:openssl:1.0.0s
Openssl Openssl 1.0.0d cpe:/a:openssl:openssl:1.0.0d
Openssl Openssl 1.0.0e cpe:/a:openssl:openssl:1.0.0e
Openssl Openssl 1.0.0f cpe:/a:openssl:openssl:1.0.0f
Openssl Openssl 1.0.0g cpe:/a:openssl:openssl:1.0.0g
Openssl Openssl 1.0.0h cpe:/a:openssl:openssl:1.0.0h
Openssl Openssl 1.0.0i cpe:/a:openssl:openssl:1.0.0i
Openssl Openssl 1.0.0j cpe:/a:openssl:openssl:1.0.0j
Hp Icewall Sso 10.0 cpe:/a:hp:icewall_sso:10.0::~~certd~~~
Openssl Openssl 1.0.0k cpe:/a:openssl:openssl:1.0.0k
Openssl Openssl 1.0.1a cpe:/a:openssl:openssl:1.0.1a
Openssl Openssl 1.0.1b cpe:/a:openssl:openssl:1.0.1b
Openssl Openssl 1.0.1c cpe:/a:openssl:openssl:1.0.1c
Openssl Openssl 1.0.1d cpe:/a:openssl:openssl:1.0.1d
Openssl Openssl 1.0.1m cpe:/a:openssl:openssl:1.0.1m
Openssl Openssl 1.0.1n cpe:/a:openssl:openssl:1.0.1n
Openssl Openssl 1.0.1o cpe:/a:openssl:openssl:1.0.1o
Oracle Vm Virtualbox 4.3.35 cpe:/a:oracle:vm_virtualbox:4.3.35
Openssl Openssl 1.0.1e cpe:/a:openssl:openssl:1.0.1e
Openssl Openssl 1.0.1f cpe:/a:openssl:openssl:1.0.1f
Openssl Openssl 1.0.1g cpe:/a:openssl:openssl:1.0.1g
Openssl Openssl 1.0.1h cpe:/a:openssl:openssl:1.0.1h
Openssl Openssl 1.0.1i cpe:/a:openssl:openssl:1.0.1i
Openssl Openssl 1.0.1j cpe:/a:openssl:openssl:1.0.1j
Openssl Openssl 1.0.1k cpe:/a:openssl:openssl:1.0.1k
Openssl Openssl 1.0.1l cpe:/a:openssl:openssl:1.0.1l
Openssl Openssl 1.0.0a cpe:/a:openssl:openssl:1.0.0a
Openssl Openssl 1.0.0b cpe:/a:openssl:openssl:1.0.0b
Openssl Openssl 1.0.0c cpe:/a:openssl:openssl:1.0.0c
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1
Oracle Vm Virtualbox 5.0.13 cpe:/a:oracle:vm_virtualbox:5.0.13

CWE

ID: CWE-362
Name: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

Source Link
HP http://marc.info/?l=bugtraq&m=145382583417444&w=2
SUSE http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
CONFIRM http://openssl.org/news/secadv/20151203.txt
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
CONFIRM https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
REDHAT http://rhn.redhat.com/errata/RHSA-2015-2617.html
UBUNTU http://www.ubuntu.com/usn/USN-2830-1
BID http://www.securityfocus.com/bid/78622
CONFIRM https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
CONFIRM http://www.fortiguard.com/advisory/openssl-advisory-december-2015
SLACKWARE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
DEBIAN http://www.debian.org/security/2015/dsa-3413
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
CONFIRM http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
SECTRACK http://www.securitytracker.com/id/1034294
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2957.html
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
CONFIRM http://fortiguard.com/advisory/openssl-advisory-december-2015
SUSE http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322

History of changes

Date Event
2019-06-13 18:15
2018-01-05 02:30
2017-10-20 01:29
2017-09-14 05:28
2015-12-06 20:59

New CVE