CVE-2015-3193
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2015-3193
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-3193.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2015-3193
- Related
- Published
- 2015-12-06T20:59:02Z
- Modified
- 2024-09-18T01:00:20Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Montgomery squaring implementation in crypto/bn/asm/x8664-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x8664 platform, as used by the BNmodexp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.
- References
-
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://openssl.org/news/secadv/20151203.txt
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/78705
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1034294
- http://www.ubuntu.com/usn/USN-2830-1
- https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1288317
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d73cc256c8e256c32ed959456101b73ba9842f72
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.isc.org/article/AA-01438
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://security-tracker.debian.org/tracker/CVE-2015-3193
Affected packages
Debian:11 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source
Debian:12 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source
Debian:13 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source