CVE-2015-3195
OpenSSL: X509_ATTRIBUTE memory leak
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS.
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-10 CVE Reserved
- 2015-12-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (49)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.11.4 Search vendor "Apple" for product "Mac Os X" and version " < 10.11.4" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Api Gateway Search vendor "Oracle" for product "Api Gateway" | 11.1.2.3.0 Search vendor "Oracle" for product "Api Gateway" and version "11.1.2.3.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Api Gateway Search vendor "Oracle" for product "Api Gateway" | 11.1.2.4.0 Search vendor "Oracle" for product "Api Gateway" and version "11.1.2.4.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Webrtc Session Controller Search vendor "Oracle" for product "Communications Webrtc Session Controller" | 7.0 Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Webrtc Session Controller Search vendor "Oracle" for product "Communications Webrtc Session Controller" | 7.1 Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Webrtc Session Controller Search vendor "Oracle" for product "Communications Webrtc Session Controller" | 7.2 Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Exalogic Infrastructure Search vendor "Oracle" for product "Exalogic Infrastructure" | 1.0 Search vendor "Oracle" for product "Exalogic Infrastructure" and version "1.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Exalogic Infrastructure Search vendor "Oracle" for product "Exalogic Infrastructure" | 2.0 Search vendor "Oracle" for product "Exalogic Infrastructure" and version "2.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 11.5.10.2 Search vendor "Oracle" for product "Http Server" and version "11.5.10.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Life Sciences Data Hub Search vendor "Oracle" for product "Life Sciences Data Hub" | 2.1 Search vendor "Oracle" for product "Life Sciences Data Hub" and version "2.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Sun Ray Software Search vendor "Oracle" for product "Sun Ray Software" | 11.1 Search vendor "Oracle" for product "Sun Ray Software" and version "11.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Transportation Management Search vendor "Oracle" for product "Transportation Management" | 6.1 Search vendor "Oracle" for product "Transportation Management" and version "6.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Transportation Management Search vendor "Oracle" for product "Transportation Management" | 6.2 Search vendor "Oracle" for product "Transportation Management" and version "6.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Vm Server Search vendor "Oracle" for product "Vm Server" | 3.2 Search vendor "Oracle" for product "Vm Server" and version "3.2" | x86 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Vm Virtualbox Search vendor "Oracle" for product "Vm Virtualbox" | < 4.3.36 Search vendor "Oracle" for product "Vm Virtualbox" and version " < 4.3.36" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Vm Virtualbox Search vendor "Oracle" for product "Vm Virtualbox" | >= 5.0.0 < 5.0.14 Search vendor "Oracle" for product "Vm Virtualbox" and version " >= 5.0.0 < 5.0.14" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Integrated Lights Out Manager Firmware Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware" | >= 3.0 <= 4.0.4 Search vendor "Oracle" for product "Integrated Lights Out Manager Firmware" and version " >= 3.0 <= 4.0.4" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 5 Search vendor "Oracle" for product "Linux" and version "5" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 6 Search vendor "Oracle" for product "Linux" and version "6" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 7 Search vendor "Oracle" for product "Linux" and version "7" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 10 Search vendor "Oracle" for product "Solaris" and version "10" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 11.3 Search vendor "Oracle" for product "Solaris" and version "11.3" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | < 0.9.8zh Search vendor "Openssl" for product "Openssl" and version " < 0.9.8zh" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | >= 1.0.0 < 1.0.0t Search vendor "Openssl" for product "Openssl" and version " >= 1.0.0 < 1.0.0t" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | >= 1.0.1 < 1.0.1q Search vendor "Openssl" for product "Openssl" and version " >= 1.0.1 < 1.0.1q" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | >= 1.0.2 < 1.0.2e Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 < 1.0.2e" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10" | sp4, ltss |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 22 Search vendor "Fedoraproject" for product "Fedora" and version "22" | - |
Affected
|