The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Aug 2022, 11:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* |
|
References | (BID) http://www.securityfocus.com/bid/91787 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://kb.isc.org/article/AA-01438 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322 - Third Party Advisory | |
References | (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 - Third Party Advisory | |
References | (CONFIRM) https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72 - Patch, Vendor Advisory | |
References | (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 - Third Party Advisory | |
References | (CONFIRM) http://fortiguard.com/advisory/openssl-advisory-december-2015 - Third Party Advisory | |
References | (MISC) https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html - Patch, Third Party Advisory | |
References | (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 - Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1288317 - Issue Tracking, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/78705 - Third Party Advisory, VDB Entry | |
References | (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-2830-1 - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1034294 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100 - Third Party Advisory | |
References | (CISCO) http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl - Third Party Advisory | |
References | (CONFIRM) http://www.fortiguard.com/advisory/openssl-advisory-december-2015 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html - Patch, Third Party Advisory |
Information
Published : 2015-12-06 20:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-3193
Mitre link : CVE-2015-3193
CVE.ORG link : CVE-2015-3193
JSON object : View
Products Affected
openssl
- openssl
nodejs
- node.js
canonical
- ubuntu_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor