CVE-2015-3276
CVE Details
Visit the official vulnerability details page for CVE-2015-3276 to learn more.
Initial Publication
01/20/2025
Last Update
09/02/2025
Third Party Dependency
libldap-2.5-0
NIST CVE Summary
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
CVE Severity
Our Official Summary
This is a high-severity vulnerability in OpenLDAP, specifically in the nss_parse_ciphers function within libraries/libldap/tls_m.c. This function fails to correctly parse OpenSSL-style multi-keyword cipher strings, potentially leading to the unintended use of weaker ciphers. As a result, remote attackers could exploit this flaw to compromise the integrity of encrypted communications.
The risk of exploitation is low for our products because an attacker has to gain privileged access to the container and run code on it to be able to exploit this vulnerability. The probability of exploitation is very low. If a fix becomes available upstream, it will be adopted to fix this vulnerability.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
05/29/2025 | Status changed from Open to Ongoing |
05/29/2025 | Official summary added |