UBUNTU-CVE-2015-3195
- Source
- https://ubuntu.com/security/CVE-2015-3195
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3195.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-3195
- Related
- Published
- 2015-12-03T00:00:00Z
- Modified
- 2015-12-03T00:00:00Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
- References
Affected packages
Ubuntu:14.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.1f-1ubuntu2.16
Affected versions
1.*
1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libcrypto1.0.0-udeb"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libcrypto1.0.0-udeb-dbgsym"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl-dev-dbgsym"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl-doc"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl1.0.0"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl1.0.0-dbg"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl1.0.0-dbgsym"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl1.0.0-udeb"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "libssl1.0.0-udeb-dbgsym"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "openssl"
},
{
"binary_version": "1.0.1f-1ubuntu2.16",
"binary_name": "openssl-dbgsym"
}
]
}
Ubuntu:16.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2e-1ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libcrypto1.0.0-udeb"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libcrypto1.0.0-udeb-dbgsym"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl-dev-dbgsym"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl-doc"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl1.0.0"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl1.0.0-dbg"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl1.0.0-dbgsym"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl1.0.0-udeb"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "libssl1.0.0-udeb-dbgsym"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "openssl"
},
{
"binary_version": "1.0.2e-1ubuntu1",
"binary_name": "openssl-dbgsym"
}
]
}