Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-3195

Опубликовано: 03 дек. 2015
Источник: redhat
CVSS3: 5.3
CVSS2: 4.3

Описание

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6openssl098eWill not fix
Red Hat Enterprise Linux 7openssl098eWill not fix
Red Hat JBoss Core ServicesopensslAffected
Red Hat JBoss Enterprise Web Server 1opensslWill not fix
Red Hat JBoss Enterprise Web Server 2opensslWill not fix
Red Hat JBoss Enterprise Web Server 3opensslFix deferred
Red Hat Enterprise Linux 5opensslFixedRHSA-2015:261614.12.2015
Red Hat Enterprise Linux 6opensslFixedRHSA-2015:261714.12.2015
Red Hat Enterprise Linux 7opensslFixedRHSA-2015:261714.12.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=1288322OpenSSL: X509_ATTRIBUTE memory leak

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-3195

CVSS3: 5.3
ubuntu
больше 9 лет назад

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

nvd логотип

CVE-2015-3195

CVSS3: 5.3
nvd
больше 9 лет назад

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

debian логотип

CVE-2015-3195

CVSS3: 5.3
debian
больше 9 лет назад

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in Open ...

suse-cvrf логотип

openSUSE-SU-2015:2349-1

suse-cvrf
больше 9 лет назад

Security update for compat-openssl098

suse-cvrf логотип

SUSE-SU-2015:2342-1

suse-cvrf
больше 9 лет назад

Security update for compat-openssl098

5.3 Medium

CVSS3

4.3 Medium

CVSS2