CVE-2015-3196

EPSS

7.13%V4

Vector

Network

Published

2015-12-05
23h00 +00:00

Modified

2022-12-12
23h00 +00:00

Official links

CVE.org

NVD

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Notifications manage

List of Notifications

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2025-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CVE Descriptions

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4.3		AV:N/AC:M/Au:N/C:N/I:N/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	4.72%	–	–
2022-04-03	–	–	4.72%	–	–
2022-07-17	–	–	4.72%	–	–
2023-03-12	–	–	–	1.37%	–
2023-05-21	–	–	–	1.49%	–
2023-10-01	–	–	–	1.2%	–
2023-11-12	–	–	–	3.43%	–
2023-12-24	–	–	–	3.43%	–
2024-01-07	–	–	–	3.92%	–
2024-02-11	–	–	–	3.92%	–
2024-06-02	–	–	–	1.47%	–
2024-12-22	–	–	–	2.27%	–
2025-02-23	–	–	–	2.27%	–
2025-01-19	–	–	–	2.27%	–
2025-02-23	–	–	–	2.27%	–
2025-03-18	–	–	–	–	5.99%
2025-03-30	–	–	–	–	7.24%
2025-04-06	–	–	–	–	5.18%
2025-04-10	–	–	–	–	7.13%
2025-04-10	–	–	–	–	7.13,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	75%
2022-04-03	88%
2022-07-17	89%
2023-03-12	84%
2023-05-21	85%
2023-10-01	84%
2023-11-12	9%
2023-12-24	91%
2024-01-07	91%
2024-02-11	92%
2024-06-02	87%
2024-12-22	89%
2025-02-23	9%
2025-01-19	89%
2025-02-23	9%
2025-03-18	9%
2025-03-30	91%
2025-04-06	89%
2025-04-10	91%
2025-04-10	91%

Products Mentioned

Configuraton 0

Hp>>Icewall_sso >> Version 10.0

Hp>>Icewall_sso >> Version 10.0 (Open CPE detail)
Hp>>Icewall_sso >> Version 10.0 (Open CPE detail)

Hp>>Icewall_sso_agent_option >> Version 10.0

Hp>>Icewall_sso_agent_option >> Version 10.0 (Open CPE detail)
Hp>>Icewall_sso_agent_option >> Version 10.0 (Open CPE detail)

Configuraton 0

Openssl>>Openssl >> Version 1.0.0

Openssl>>Openssl >> Version 1.0.0 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.0 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.0 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.0 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.0 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.0 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.0 (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0a

Openssl>>Openssl >> Version 1.0.0a (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0b

Openssl>>Openssl >> Version 1.0.0b (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0c

Openssl>>Openssl >> Version 1.0.0c (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0d

Openssl>>Openssl >> Version 1.0.0d (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0e

Openssl>>Openssl >> Version 1.0.0e (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0f

Openssl>>Openssl >> Version 1.0.0f (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0g

Openssl>>Openssl >> Version 1.0.0g (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0h

Openssl>>Openssl >> Version 1.0.0h (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0i

Openssl>>Openssl >> Version 1.0.0i (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0j

Openssl>>Openssl >> Version 1.0.0j (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0k

Openssl>>Openssl >> Version 1.0.0k (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0l

Openssl>>Openssl >> Version 1.0.0l (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0m

Openssl>>Openssl >> Version 1.0.0m (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0n

Openssl>>Openssl >> Version 1.0.0n (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0o

Openssl>>Openssl >> Version 1.0.0o (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0p

Openssl>>Openssl >> Version 1.0.0p (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0q

Openssl>>Openssl >> Version 1.0.0q (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0r

Openssl>>Openssl >> Version 1.0.0r (Open CPE detail)

Openssl>>Openssl >> Version 1.0.0s

Openssl>>Openssl >> Version 1.0.0s (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1

Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)
Openssl>>Openssl >> Version 1.0.1 (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1a

Openssl>>Openssl >> Version 1.0.1a (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1b

Openssl>>Openssl >> Version 1.0.1b (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1c

Openssl>>Openssl >> Version 1.0.1c (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1d

Openssl>>Openssl >> Version 1.0.1d (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1e

Openssl>>Openssl >> Version 1.0.1e (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1f

Openssl>>Openssl >> Version 1.0.1f (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1g

Openssl>>Openssl >> Version 1.0.1g (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1h

Openssl>>Openssl >> Version 1.0.1h (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1i

Openssl>>Openssl >> Version 1.0.1i (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1j

Openssl>>Openssl >> Version 1.0.1j (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1k

Openssl>>Openssl >> Version 1.0.1k (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1l

Openssl>>Openssl >> Version 1.0.1l (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1m

Openssl>>Openssl >> Version 1.0.1m (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1n

Openssl>>Openssl >> Version 1.0.1n (Open CPE detail)

Openssl>>Openssl >> Version 1.0.1o

Openssl>>Openssl >> Version 1.0.1o (Open CPE detail)

Configuraton 0

Oracle>>Vm_virtualbox >> Version From (including) 4.3.0 To (including) 4.3.35

Oracle>>Vm_virtualbox >> Version 4.3.0 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.2 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.4 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.6 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.8 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.10 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.12 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.14 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.16 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.18 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.22 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.24 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.26 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.28 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.29 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.30 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.32 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.34 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 4.3.35 (Open CPE detail)

Oracle>>Vm_virtualbox >> Version From (including) 5.0.0 To (including) 5.0.13

Oracle>>Vm_virtualbox >> Version 5.0.0 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 5.0.2 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 5.0.4 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 5.0.6 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 5.0.8 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 5.0.10 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 5.0.12 (Open CPE detail)
Oracle>>Vm_virtualbox >> Version 5.0.13 (Open CPE detail)

Configuraton 0

Fedoraproject>>Fedora >> Version 22

Fedoraproject>>Fedora >> Version 22 (Open CPE detail)

Redhat>>Enterprise_linux_desktop >> Version 6.0

Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)

Redhat>>Enterprise_linux_desktop >> Version 7.0

Redhat>>Enterprise_linux_desktop >> Version 7.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 7.0 (Open CPE detail)

Redhat>>Enterprise_linux_server >> Version 6.0

Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)

Redhat>>Enterprise_linux_server >> Version 7.0

Redhat>>Enterprise_linux_server >> Version 7.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 7.0 (Open CPE detail)

Redhat>>Enterprise_linux_server_aus >> Version 7.2

Redhat>>Enterprise_linux_server_aus >> Version 7.2 (Open CPE detail)

Redhat>>Enterprise_linux_server_aus >> Version 7.3

Redhat>>Enterprise_linux_server_aus >> Version 7.3 (Open CPE detail)

Redhat>>Enterprise_linux_server_aus >> Version 7.4

Redhat>>Enterprise_linux_server_aus >> Version 7.4 (Open CPE detail)

Redhat>>Enterprise_linux_server_eus >> Version 6.7

Redhat>>Enterprise_linux_server_eus >> Version 6.7 (Open CPE detail)

Redhat>>Enterprise_linux_server_eus >> Version 7.2

Redhat>>Enterprise_linux_server_eus >> Version 7.2 (Open CPE detail)

Redhat>>Enterprise_linux_server_eus >> Version 7.3

Redhat>>Enterprise_linux_server_eus >> Version 7.3 (Open CPE detail)

Redhat>>Enterprise_linux_server_eus >> Version 7.4

Redhat>>Enterprise_linux_server_eus >> Version 7.4 (Open CPE detail)

Redhat>>Enterprise_linux_server_eus >> Version 7.5

Redhat>>Enterprise_linux_server_eus >> Version 7.5 (Open CPE detail)

Redhat>>Enterprise_linux_server_eus >> Version 7.6

Redhat>>Enterprise_linux_server_eus >> Version 7.6 (Open CPE detail)

Redhat>>Enterprise_linux_server_tus >> Version 7.2

Redhat>>Enterprise_linux_server_tus >> Version 7.2 (Open CPE detail)

Redhat>>Enterprise_linux_server_tus >> Version 7.3

Redhat>>Enterprise_linux_server_tus >> Version 7.3 (Open CPE detail)

Redhat>>Enterprise_linux_server_tus >> Version 7.6

Redhat>>Enterprise_linux_server_tus >> Version 7.6 (Open CPE detail)

Redhat>>Enterprise_linux_workstation >> Version 6.0

Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)

Redhat>>Enterprise_linux_workstation >> Version 7.0

Redhat>>Enterprise_linux_workstation >> Version 7.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 7.0 (Open CPE detail)

Configuraton 0

Canonical>>Ubuntu_linux >> Version 12.04

Canonical>>Ubuntu_linux >> Version 12.04 (Open CPE detail)

Canonical>>Ubuntu_linux >> Version 14.04

Canonical>>Ubuntu_linux >> Version 14.04 (Open CPE detail)

Canonical>>Ubuntu_linux >> Version 15.04

Canonical>>Ubuntu_linux >> Version 15.04 (Open CPE detail)

Canonical>>Ubuntu_linux >> Version 15.10

Canonical>>Ubuntu_linux >> Version 15.10 (Open CPE detail)

Debian>>Debian_linux >> Version 7.0

Debian>>Debian_linux >> Version 7.0 (Open CPE detail)

Debian>>Debian_linux >> Version 8.0

Debian>>Debian_linux >> Version 8.0 (Open CPE detail)

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
Tags : vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
Tags : Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
Tags : vendor-advisory

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c

http://rhn.redhat.com/errata/RHSA-2015-2617.html
Tags : vendor-advisory

http://www.fortiguard.com/advisory/openssl-advisory-december-2015
Tags : Third Party Advisory

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
Tags : vendor-advisory

http://www.securityfocus.com/bid/78622
Tags : vdb-entry

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Tags : Patch, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Tags : Third Party Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
Tags : Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Tags : Third Party Advisory

http://marc.info/?l=bugtraq&m=145382583417444&w=2
Tags : vendor-advisory

http://www.ubuntu.com/usn/USN-2830-1
Tags : vendor-advisory

http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
Tags : vendor-advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
Tags : vendor-advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Tags : Patch, Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2957.html
Tags : vendor-advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Tags : Third Party Advisory

http://openssl.org/news/secadv/20151203.txt
Tags : Vendor Advisory

http://www.securitytracker.com/id/1034294
Tags : vdb-entry

http://fortiguard.com/advisory/openssl-advisory-december-2015
Tags : Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
Tags : Third Party Advisory

http://www.debian.org/security/2015/dsa-3413
Tags : vendor-advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Tags : Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

CVE-2015-3196 : Detail

CVE-2015-3196

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

References