CVE-2015-3276

ADVISORY - debian

Summary

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

openldap (unimportant) Debian builds with GNUTLS, not NSS

EPSS Score⁠: 0.02147 (0.833)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - redhat

CWE-682⁠

Incorrect Calculation

Impacted images

Advisories

Debian

CREATED

9 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2015-3276⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/openldap	deb	debian	12	>=2.5.13+dfsg-5	Not yet available
debian/openldap	deb	debian	11	>=2.4.57+dfsg-3+deb11u1	Not yet available
debian/openldap	deb	debian	13	>=2.6.9+dfsg-2	Not yet available
debian/openldap	deb	debian	unstable	>=2.6.9+dfsg-2	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

9 years ago

UPDATED

1 month ago

ADVISORY IDCVE-2015-3276⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

CVSS SCORE

7.5high

Ubuntu

CREATED

9 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2015-3276⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

Amazon

CREATED

8 years ago

UPDATED

8 years ago

ADVISORY IDALAS-2017-799⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

10 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2015-3276⁠

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-682⁠

CVSS SCORE

4.3medium

Oracle

CREATED

9 years ago

UPDATED

9 years ago

ADVISORY IDELSA-2015-2131⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium