The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Information
Published : 2015-12-06 12:59
Updated : 2022-12-13 04:15
NVD link : CVE-2015-3195
Mitre link : CVE-2015-3195
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
oracle
- integrated_lights_out_manager_firmware
- http_server
- vm_server
- sun_ray_software
- exalogic_infrastructure
- api_gateway
- communications_webrtc_session_controller
- transportation_management
- vm_virtualbox
- life_sciences_data_hub
- solaris
- linux
canonical
- ubuntu_linux
fedoraproject
- fedora
debian
- debian_linux
apple
- mac_os_x
suse
- linux_enterprise_server
opensuse
- opensuse
- leap
redhat
- enterprise_linux_server_aus
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_server_tus
- enterprise_linux_server
openssl
- openssl