Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-3195

Опубликовано: 06 дек. 2015
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 5.3

Описание

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

РелизСтатусПримечание
artful

released

1.0.2e-1ubuntu1
bionic

released

1.0.2e-1ubuntu1
cosmic

released

1.0.2e-1ubuntu1
devel

released

1.0.2e-1ubuntu1
disco

released

1.0.2e-1ubuntu1
esm-infra-legacy/trusty

released

1.0.1f-1ubuntu2.16
esm-infra/bionic

released

1.0.2e-1ubuntu1
esm-infra/xenial

released

1.0.2e-1ubuntu1
precise

released

1.0.1-4ubuntu5.32
precise/esm

not-affected

1.0.1-4ubuntu5.32

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

ignored

end of standard support
trusty/esm

DNE

trusty was needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 89%
0.04698
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-3195

CVSS3: 5.3
redhat
почти 10 лет назад

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

nvd логотип

CVE-2015-3195

CVSS3: 5.3
nvd
почти 10 лет назад

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

debian логотип

CVE-2015-3195

CVSS3: 5.3
debian
почти 10 лет назад

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in Open ...

suse-cvrf логотип

openSUSE-SU-2015:2349-1

suse-cvrf
почти 10 лет назад

Security update for compat-openssl098

suse-cvrf логотип

SUSE-SU-2015:2342-1

suse-cvrf
почти 10 лет назад

Security update for compat-openssl098

EPSS

Процентиль: 89%
0.04698
Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3