Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gzvn-8b6y-xqeb
Vulnerability ID VCID-gzvn-8b6y-xqeb
Aliases CVE-2015-5291
Summary Multiple vulnerabilities have been found in mbed TLS, the worst of which could lead to the remote execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 6.1
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
epss 0.02049 https://api.first.org/data/v1/epss?cve=CVE-2015-5291
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2015-5291
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html
https://api.first.org/data/v1/epss?cve=CVE-2015-5291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036
https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
http://www.debian.org/security/2016/dsa-3468
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVE-2015-5291 https://nvd.nist.gov/vuln/detail/CVE-2015-5291
GLSA-201706-18 https://security.gentoo.org/glsa/201706-18
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5291
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.83792
EPSS Score 0.02049
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:01:30.132210+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201706-18 38.0.0