openssl openssl CVE-2015-3195 vulnerability in OpenSSL and Other Products
Published on December 6, 2015

product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2015-3195

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2015-3195 are published in these products:

OpenSSL
 
Oracle Api Gateway
 
Oracle Communications Webrtc Session Controller
 
Oracle Exalogic Infrastructure
 
Oracle Http Server
 
Oracle Life Sciences Data Hub
 
Oracle Sun Ray Software
 
Oracle Transportation Management
 
Oracle Vm Server
 
Oracle VM VirtualBox
 
Apple macOS
 
Canonical Ubuntu Linux
 
Debian Linux
 
Fedora Project Fedora
 
OpenSuse Leap
 
OpenSuse
 
Oracle Integrated Lights Out Manager Firmware
 
Oracle Linux
 
Oracle Solaris
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Workstation
 
Suse Linux Enterprise Server
 

Exploit Probability

EPSS
3.48%
Percentile
87.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.