The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
History
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2015-12-06 20:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-3195
Mitre link : CVE-2015-3195
CVE.ORG link : CVE-2015-3195
Products Affected
oracle
- life_sciences_data_hub
- linux
- api_gateway
- vm_virtualbox
- transportation_management
- exalogic_infrastructure
- sun_ray_software
- vm_server
- http_server
- communications_webrtc_session_controller
- solaris
- integrated_lights_out_manager_firmware
redhat
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_tus
- enterprise_linux_desktop
- enterprise_linux_server_aus
apple
- mac_os_x
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora
openssl
- openssl
opensuse
- opensuse
- leap
suse
- linux_enterprise_server
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor