CVE-2015-3276 — Incorrect Calculation in Openldap

CWE-682 — Incorrect Calculation10 documents8 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Oracle Linux Redhat Enterprise Linux Desktop +6 more

Timeline

PublishedDec 7

Latest updateMay 17

Description

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDopenldap/openldap< 2.5

▶NVDoracle/linux7

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_hpc_node7.0

Also affects: Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-cc3w-xgwq-vgw8: The nss_parse_ciphers function in libraries/libldap/tls_m↗2022-05-17

▶

CVEList

CVE-2015-3276: The nss_parse_ciphers function in libraries/libldap/tls_m↗2015-12-07

▶

OSV

CVE-2015-3276: The nss_parse_ciphers function in libraries/libldap/tls_m↗2015-12-07

▶

📋Vendor Advisories

Microsoft

CVE-2015-3276: NIST NVD Details: https://nvd↗2021-12-14

▶

Red Hat

openldap: incorrect multi-keyword mode cipherstring parsing↗2015-07-15

▶

Debian

CVE-2015-3276: openldap - The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not...↗2015

▶

💬Community

Bugzilla

CVE-2015-3276 openldap: incorrect multi-keyword mode cipherstring parsing [fedora-all]↗2015-07-15

▶

Bugzilla

CVE-2015-3276 openldap: incorrect multi-keyword mode cipherstring parsing↗2015-07-01

▶

Bugzilla

CVE-2015-3277 mod_nss: incorrect multi-keyword mode cipherstring parsing↗2015-07-01

▶