{
  "threat_severity" : "Moderate",
  "public_date" : "2015-07-15T00:00:00Z",
  "bugzilla" : {
    "description" : "openldap: incorrect multi-keyword mode cipherstring parsing",
    "id" : "1238322",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1238322"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-682",
  "details" : [ "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled." ],
  "statement" : "This issue does not affect the version of the openldap package as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the version of the openldap package as shipped with Red Hat Enterprise Linux 8.",
  "acknowledgement" : "This issue was discovered by Martin Poole (Red Hat Software Maintenance Engineering group).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2131",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "openldap-0:2.4.40-8.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "openldap",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "openldap",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-3276\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3276" ],
  "name" : "CVE-2015-3276",
  "csaw" : false
}