Is Access Manager vulnerable to CVE-2015-3195 (X509_ATTRIBUTE memory leak)

  • 7017047
  • 04-Dec-2015
  • 04-Dec-2015


NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Manager 4.0


When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

Is NAM effected by this?


NAM uses PKCS12 content formats and is not effected by this vulnerability.