Information disclosure in Apple Mac_os_x
CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote atta…
Vulnerability class: Information Disclosure
EPSS: 0.035 (87.8th percentile)
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Apple Mac_os_x
- Openssl
- Oracle Api_gateway — versions 11.1.2.3.0, 11.1.2.4.0
- Oracle Communications_webrtc_session_controller — versions 7.0, 7.1, 7.2
- Oracle Exalogic_infrastructure — versions 1.0, 2.0
- Oracle Http_server — versions 11.5.10.2
- Oracle Integrated_lights_out_manager_firmware
- Oracle Life_sciences_data_hub — versions 2.1
- Oracle Linux — versions 5, 6, 7
- Oracle Solaris — versions 10, 11.3
Frequently asked questions
- What is CVE-2015-3195?
- CVE-2015-3195 is a medium-severity vulnerability in Apple Mac_os_x, classified under Information Disclosure. CVSS score: 5.3/10. Published 2015-12-06.
- How severe is CVE-2015-3195?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2015-3195 known to be exploited?
- 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.