CVE-2015-3196 - 漏洞详情

CVE-2015-3196 (CNNVD-201512-076)

MEDIUM

中文标题:

OpenSSL 拒绝服务漏洞

英文标题:

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when use...

CVSS分数: 4.3

发布时间: 2015-12-06 00:00:00

漏洞类型: 竞争条件问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的ssl/s3_clnt.c文件中存在安全漏洞，该漏洞源于程序在multi-threaded客户端使用时，向错误的数据结构体写入PSK身份标记。远程攻击者可借助特制的ServerKeyExchange标记利用该漏洞造成拒绝服务（竞争条件和双重释放）。以下版本受到影响：OpenSSL 1.0.0t之前1.0.0版本，1.0.1p之前1.0.1版本，1.0.2d之前1.0.2版本。

英文描述:

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

CWE类型:

CWE-362

受影响产品

厂商	产品	版本	版本范围	平台	CPE
hp	icewall_sso	10.0	-	-	`cpe:2.3:a:hp:icewall_sso:10.0::::certd:::`
hp	icewall_sso_agent_option	10.0	-	-	`cpe:2.3:a:hp:icewall_sso_agent_option:10.0:::::::*`
openssl	openssl	1.0.0	-	-	`cpe:2.3:a:openssl:openssl:1.0.0:::::::*`
openssl	openssl	1.0.0a	-	-	`cpe:2.3:a:openssl:openssl:1.0.0a:::::::*`
openssl	openssl	1.0.0b	-	-	`cpe:2.3:a:openssl:openssl:1.0.0b:::::::*`
openssl	openssl	1.0.0c	-	-	`cpe:2.3:a:openssl:openssl:1.0.0c:::::::*`
openssl	openssl	1.0.0d	-	-	`cpe:2.3:a:openssl:openssl:1.0.0d:::::::*`
openssl	openssl	1.0.0e	-	-	`cpe:2.3:a:openssl:openssl:1.0.0e:::::::*`
openssl	openssl	1.0.0f	-	-	`cpe:2.3:a:openssl:openssl:1.0.0f:::::::*`
openssl	openssl	1.0.0g	-	-	`cpe:2.3:a:openssl:openssl:1.0.0g:::::::*`
openssl	openssl	1.0.0h	-	-	`cpe:2.3:a:openssl:openssl:1.0.0h:::::::*`
openssl	openssl	1.0.0i	-	-	`cpe:2.3:a:openssl:openssl:1.0.0i:::::::*`
openssl	openssl	1.0.0j	-	-	`cpe:2.3:a:openssl:openssl:1.0.0j:::::::*`
openssl	openssl	1.0.0k	-	-	`cpe:2.3:a:openssl:openssl:1.0.0k:::::::*`
openssl	openssl	1.0.0l	-	-	`cpe:2.3:a:openssl:openssl:1.0.0l:::::::*`
openssl	openssl	1.0.0m	-	-	`cpe:2.3:a:openssl:openssl:1.0.0m:::::::*`
openssl	openssl	1.0.0n	-	-	`cpe:2.3:a:openssl:openssl:1.0.0n:::::::*`
openssl	openssl	1.0.0o	-	-	`cpe:2.3:a:openssl:openssl:1.0.0o:::::::*`
openssl	openssl	1.0.0p	-	-	`cpe:2.3:a:openssl:openssl:1.0.0p:::::::*`
openssl	openssl	1.0.0q	-	-	`cpe:2.3:a:openssl:openssl:1.0.0q:::::::*`
openssl	openssl	1.0.0r	-	-	`cpe:2.3:a:openssl:openssl:1.0.0r:::::::*`
openssl	openssl	1.0.0s	-	-	`cpe:2.3:a:openssl:openssl:1.0.0s:::::::*`
openssl	openssl	1.0.1	-	-	`cpe:2.3:a:openssl:openssl:1.0.1:::::::*`
openssl	openssl	1.0.1a	-	-	`cpe:2.3:a:openssl:openssl:1.0.1a:::::::*`
openssl	openssl	1.0.1b	-	-	`cpe:2.3:a:openssl:openssl:1.0.1b:::::::*`
openssl	openssl	1.0.1c	-	-	`cpe:2.3:a:openssl:openssl:1.0.1c:::::::*`
openssl	openssl	1.0.1d	-	-	`cpe:2.3:a:openssl:openssl:1.0.1d:::::::*`
openssl	openssl	1.0.1e	-	-	`cpe:2.3:a:openssl:openssl:1.0.1e:::::::*`
openssl	openssl	1.0.1f	-	-	`cpe:2.3:a:openssl:openssl:1.0.1f:::::::*`
openssl	openssl	1.0.1g	-	-	`cpe:2.3:a:openssl:openssl:1.0.1g:::::::*`
openssl	openssl	1.0.1h	-	-	`cpe:2.3:a:openssl:openssl:1.0.1h:::::::*`
openssl	openssl	1.0.1i	-	-	`cpe:2.3:a:openssl:openssl:1.0.1i:::::::*`
openssl	openssl	1.0.1j	-	-	`cpe:2.3:a:openssl:openssl:1.0.1j:::::::*`
openssl	openssl	1.0.1k	-	-	`cpe:2.3:a:openssl:openssl:1.0.1k:::::::*`
openssl	openssl	1.0.1l	-	-	`cpe:2.3:a:openssl:openssl:1.0.1l:::::::*`
openssl	openssl	1.0.1m	-	-	`cpe:2.3:a:openssl:openssl:1.0.1m:::::::*`
openssl	openssl	1.0.1n	-	-	`cpe:2.3:a:openssl:openssl:1.0.1n:::::::*`
openssl	openssl	1.0.1o	-	-	`cpe:2.3:a:openssl:openssl:1.0.1o:::::::*`
oracle	vm_virtualbox	*	-	-	`cpe:2.3:a:oracle:vm_virtualbox::::::::`
fedoraproject	fedora	22	-	-	`cpe:2.3:o:fedoraproject:fedora:22:::::::*`
redhat	enterprise_linux_desktop	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*`
redhat	enterprise_linux_desktop	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*`
redhat	enterprise_linux_server	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*`
redhat	enterprise_linux_server	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*`
redhat	enterprise_linux_server_aus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*`
redhat	enterprise_linux_server_aus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*`
redhat	enterprise_linux_server_aus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*`
redhat	enterprise_linux_server_eus	6.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:::::::*`
redhat	enterprise_linux_server_eus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*`
redhat	enterprise_linux_server_eus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*`
redhat	enterprise_linux_server_eus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*`
redhat	enterprise_linux_server_eus	7.5	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*`
redhat	enterprise_linux_server_eus	7.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*`
redhat	enterprise_linux_server_tus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*`
redhat	enterprise_linux_server_tus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*`
redhat	enterprise_linux_server_tus	7.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*`
redhat	enterprise_linux_workstation	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*`
redhat	enterprise_linux_workstation	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*`
canonical	ubuntu_linux	12.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::`
canonical	ubuntu_linux	14.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::`
canonical	ubuntu_linux	15.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*`
canonical	ubuntu_linux	15.10	-	-	`cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*`
debian	debian_linux	7.0	-	-	`cpe:2.3:o:debian:debian_linux:7.0:::::::*`
debian	debian_linux	8.0	-	-	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products vendor-advisory
cve.org

访问

无标题 OTHER
cve.org

访问

openSUSE-SU-2015:2288 vendor-advisory
cve.org

访问

无标题 OTHER
cve.org

访问

RHSA-2015:2617 vendor-advisory
cve.org

访问

无标题 OTHER
cve.org

访问

SSA:2015-349-04 vendor-advisory
cve.org

访问

78622 vdb-entry
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

HPSBGN03536 vendor-advisory
cve.org

访问

USN-2830-1 vendor-advisory
cve.org

访问

openSUSE-SU-2015:2289 vendor-advisory
cve.org

访问

FEDORA-2015-d87d60b9a9 vendor-advisory
cve.org

访问

无标题 OTHER
cve.org

访问

RHSA-2016:2957 vendor-advisory
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

1034294 vdb-entry
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

DSA-3413 vendor-advisory
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

CVSS评分详情

4.3

MEDIUM

CVSS向量: AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS版本: 2.0

机密性

NONE

完整性

NONE

可用性

PARTIAL

时间信息

发布时间:

2015-12-06 00:00:00

修改时间:

2024-08-06 05:39:31

创建时间:

2025-11-11 15:34:02

更新时间:

2025-11-11 15:52:18

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2015-3196`	2025-11-11 15:18:56	2025-11-11 07:34:02
NVD	`nvd_CVE-2015-3196`	2025-11-11 14:54:53	2025-11-11 07:42:44
CNNVD	`cnnvd_CNNVD-201512-076`	2025-11-11 15:09:37	2025-11-11 07:52:18

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:52:18

vulnerability_type: 未提取 → 竞争条件问题; cnnvd_id: 未提取 → CNNVD-201512-076; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 竞争条件问题
cnnvd_id: 未提取 -> CNNVD-201512-076
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:42:44

cvss_score: 未提取 → 4.3; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:N/I:N/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 64; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

cvss_score: 未提取 -> 4.3
cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:N/I:N/A:P
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 64
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2015-3196 (CNNVD-201512-076)

中文标题:

OpenSSL 拒绝服务漏洞

英文标题:

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when use...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史