CVE-2015-3193

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.
References
Link Resource
http://fortiguard.com/advisory/openssl-advisory-december-2015 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 Third Party Advisory
http://openssl.org/news/secadv/20151203.txt Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl Third Party Advisory
http://www.fortiguard.com/advisory/openssl-advisory-december-2015 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch Third Party Advisory
http://www.securityfocus.com/bid/78705 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/91787 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034294 Third Party Advisory VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 Third Party Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 Third Party Advisory
http://www.ubuntu.com/usn/USN-2830-1 Third Party Advisory
https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1288317 Issue Tracking Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d73cc256c8e256c32ed959456101b73ba9842f72
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 Third Party Advisory
https://kb.isc.org/article/AA-01438 Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

History

13 Dec 2022, 12:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf -

19 Aug 2022, 11:14

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5
CPE cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
References (BID) http://www.securityfocus.com/bid/91787 - (BID) http://www.securityfocus.com/bid/91787 - Third Party Advisory, VDB Entry
References (CONFIRM) https://kb.isc.org/article/AA-01438 - (CONFIRM) https://kb.isc.org/article/AA-01438 - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 - (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 - Third Party Advisory
References (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 - (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 - Third Party Advisory
References (CONFIRM) https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72 - (CONFIRM) https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72 - Patch, Vendor Advisory
References (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 - (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 - Third Party Advisory
References (CONFIRM) http://fortiguard.com/advisory/openssl-advisory-december-2015 - (CONFIRM) http://fortiguard.com/advisory/openssl-advisory-december-2015 - Third Party Advisory
References (MISC) https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html - (MISC) https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html - Patch, Third Party Advisory
References (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 - (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 - Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1288317 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1288317 - Issue Tracking, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/78705 - (BID) http://www.securityfocus.com/bid/78705 - Third Party Advisory, VDB Entry
References (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 - (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 - Third Party Advisory
References (UBUNTU) http://www.ubuntu.com/usn/USN-2830-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-2830-1 - Third Party Advisory
References (SECTRACK) http://www.securitytracker.com/id/1034294 - (SECTRACK) http://www.securitytracker.com/id/1034294 - Third Party Advisory, VDB Entry
References (CONFIRM) https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 - (CONFIRM) https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 - Third Party Advisory
References (CISCO) http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl - (CISCO) http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl - Third Party Advisory
References (CONFIRM) http://www.fortiguard.com/advisory/openssl-advisory-december-2015 - (CONFIRM) http://www.fortiguard.com/advisory/openssl-advisory-december-2015 - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html - Patch, Third Party Advisory

Information

Published : 2015-12-06 20:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-3193

Mitre link : CVE-2015-3193

CVE.ORG link : CVE-2015-3193


JSON object : View

Products Affected

openssl

  • openssl

nodejs

  • node.js

canonical

  • ubuntu_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor