// For flags

CVE-2015-3195

OpenSSL: X509_ATTRIBUTE memory leak

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS.

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-04-10 CVE Reserved
  • 2015-12-03 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (49)
URL Tag Source
http://fortiguard.com/advisory/openssl-advisory-december-2015 Broken Link
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 Third Party Advisory
http://www.fortiguard.com/advisory/openssl-advisory-december-2015 Broken Link
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
http://www.securityfocus.com/bid/78626 Third Party Advisory
http://www.securityfocus.com/bid/91787 Third Party Advisory
http://www.securitytracker.com/id/1034294 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 Third Party Advisory
https://support.apple.com/HT206167 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html 2023-11-07
http://marc.info/?l=bugtraq&m=145382583417444&w=2 2023-11-07
http://openssl.org/news/secadv/20151203.txt 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-2616.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-2617.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2056.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2957.html 2023-11-07
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl 2023-11-07
http://www.debian.org/security/2015/dsa-3413 2023-11-07
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 2023-11-07
http://www.ubuntu.com/usn/USN-2830-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2015-3195 2016-12-15
https://bugzilla.redhat.com/show_bug.cgi?id=1288322 2016-12-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
< 10.11.4
Search vendor "Apple" for product "Mac Os X" and version " < 10.11.4"
-
Affected
Oracle
Search vendor "Oracle"
Api Gateway
Search vendor "Oracle" for product "Api Gateway"
11.1.2.3.0
Search vendor "Oracle" for product "Api Gateway" and version "11.1.2.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Api Gateway
Search vendor "Oracle" for product "Api Gateway"
11.1.2.4.0
Search vendor "Oracle" for product "Api Gateway" and version "11.1.2.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Webrtc Session Controller
Search vendor "Oracle" for product "Communications Webrtc Session Controller"
7.0
Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Webrtc Session Controller
Search vendor "Oracle" for product "Communications Webrtc Session Controller"
7.1
Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.1"
-
Affected
Oracle
Search vendor "Oracle"
Communications Webrtc Session Controller
Search vendor "Oracle" for product "Communications Webrtc Session Controller"
7.2
Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.2"
-
Affected
Oracle
Search vendor "Oracle"
Exalogic Infrastructure
Search vendor "Oracle" for product "Exalogic Infrastructure"
1.0
Search vendor "Oracle" for product "Exalogic Infrastructure" and version "1.0"
-
Affected
Oracle
Search vendor "Oracle"
Exalogic Infrastructure
Search vendor "Oracle" for product "Exalogic Infrastructure"
2.0
Search vendor "Oracle" for product "Exalogic Infrastructure" and version "2.0"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
11.5.10.2
Search vendor "Oracle" for product "Http Server" and version "11.5.10.2"
-
Affected
Oracle
Search vendor "Oracle"
Life Sciences Data Hub
Search vendor "Oracle" for product "Life Sciences Data Hub"
2.1
Search vendor "Oracle" for product "Life Sciences Data Hub" and version "2.1"
-
Affected
Oracle
Search vendor "Oracle"
Sun Ray Software
Search vendor "Oracle" for product "Sun Ray Software"
11.1
Search vendor "Oracle" for product "Sun Ray Software" and version "11.1"
-
Affected
Oracle
Search vendor "Oracle"
Transportation Management
Search vendor "Oracle" for product "Transportation Management"
6.1
Search vendor "Oracle" for product "Transportation Management" and version "6.1"
-
Affected
Oracle
Search vendor "Oracle"
Transportation Management
Search vendor "Oracle" for product "Transportation Management"
6.2
Search vendor "Oracle" for product "Transportation Management" and version "6.2"
-
Affected
Oracle
Search vendor "Oracle"
Vm Server
Search vendor "Oracle" for product "Vm Server"
3.2
Search vendor "Oracle" for product "Vm Server" and version "3.2"
x86
Affected
Oracle
Search vendor "Oracle"
Vm Virtualbox
Search vendor "Oracle" for product "Vm Virtualbox"
< 4.3.36
Search vendor "Oracle" for product "Vm Virtualbox" and version " < 4.3.36"
-
Affected
Oracle
Search vendor "Oracle"
Vm Virtualbox
Search vendor "Oracle" for product "Vm Virtualbox"
>= 5.0.0 < 5.0.14
Search vendor "Oracle" for product "Vm Virtualbox" and version " >= 5.0.0 < 5.0.14"
-
Affected
Oracle
Search vendor "Oracle"
Integrated Lights Out Manager Firmware
Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware"
>= 3.0 <= 4.0.4
Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware" and version " >= 3.0 <= 4.0.4"
-
Affected
Oracle
Search vendor "Oracle"
Linux
Search vendor "Oracle" for product "Linux"
5
Search vendor "Oracle" for product "Linux" and version "5"
-
Affected
Oracle
Search vendor "Oracle"
Linux
Search vendor "Oracle" for product "Linux"
6
Search vendor "Oracle" for product "Linux" and version "6"
-
Affected
Oracle
Search vendor "Oracle"
Linux
Search vendor "Oracle" for product "Linux"
7
Search vendor "Oracle" for product "Linux" and version "7"
-
Affected
Oracle
Search vendor "Oracle"
Solaris
Search vendor "Oracle" for product "Solaris"
10
Search vendor "Oracle" for product "Solaris" and version "10"
-
Affected
Oracle
Search vendor "Oracle"
Solaris
Search vendor "Oracle" for product "Solaris"
11.3
Search vendor "Oracle" for product "Solaris" and version "11.3"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
< 0.9.8zh
Search vendor "Openssl" for product "Openssl" and version " < 0.9.8zh"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 1.0.0 < 1.0.0t
Search vendor "Openssl" for product "Openssl" and version " >= 1.0.0 < 1.0.0t"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 1.0.1 < 1.0.1q
Search vendor "Openssl" for product "Openssl" and version " >= 1.0.1 < 1.0.1q"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 1.0.2 < 1.0.2e
Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 < 1.0.2e"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
5.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
5.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.2
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.4
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.7
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.2
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.7
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
5.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
15.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
42.1
Search vendor "Opensuse" for product "Leap" and version "42.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
11.4
Search vendor "Opensuse" for product "Opensuse" and version "11.4"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
10
Search vendor "Suse" for product "Linux Enterprise Server" and version "10"
sp4, ltss
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
22
Search vendor "Fedoraproject" for product "Fedora" and version "22"
-
Affected