CVE-2015-3193

HIGH

OpenSSL 1.0.2 - Exposure of Sensitive Private-Key Information via Montgomery Squaring Implementation

Title source: llm
STIX 2.1

Description

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

References (22)

Core 22
Core References
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-2830-1
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/78705
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/91787
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1034294
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1288317

Scores

CVSS v3 7.5
EPSS 0.3047
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (11)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
nodejs/node.js 4.0.0 - 4.1.2
nodejs/node.js 4.2.0 - 4.2.3
openssl/openssl 1.0.2
openssl/openssl 1.0.2a
openssl/openssl 1.0.2b
openssl/openssl 1.0.2c
... and 1 more
Published Dec 06, 2015
Tracked Since Feb 18, 2026