Vulnerability in Hp Icewall_sso
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial o…
Vulnerability class: Race Condition
EPSS: 0.073 (91.8th percentile)
Affected products
- Hp Icewall_sso — versions 10.0
- Hp Icewall_sso_agent_option — versions 10.0
- Openssl — versions 1.0.0, 1.0.0a, 1.0.0b
- Oracle Vm_virtualbox
- Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
- Debian Debian_linux — versions 7.0, 8.0
- Fedoraproject Fedora — versions 22
- Redhat Enterprise_linux_desktop — versions 6.0, 7.0
- Redhat Enterprise_linux_server — versions 6.0, 7.0
- Redhat Enterprise_linux_server_aus — versions 7.2, 7.3, 7.4
References
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products (vendor-advisory, Third Party Advisory)
- secalert@redhat.com (Third Party Advisory)
- openSUSE-SU-2015:2288 (vendor-advisory, Mailing List, Third Party Advisory)
- secalert@redhat.com
- RHSA-2015:2617 (vendor-advisory, Third Party Advisory)
- secalert@redhat.com (Third Party Advisory)
- SSA:2015-349-04 (vendor-advisory, Third Party Advisory)
- 78622 (Third Party Advisory, VDB Entry, vdb-entry)
- secalert@redhat.com (Patch, Third Party Advisory)
- secalert@redhat.com (Third Party Advisory)
Frequently asked questions
- What is CVE-2015-3196?
- CVE-2015-3196 is a vulnerability in Hp Icewall_sso, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). Published 2015-12-06.
- Is CVE-2015-3196 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.