Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2015-3193

Published: 3 December 2015

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

Notes

AuthorNote
mdeslaur
1.0.2 only

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
precise Not vulnerable
(1.0.1-4ubuntu5.31)
trusty Not vulnerable
(1.0.1f-1ubuntu2.15)
upstream
Released (1.0.2e)
vivid Not vulnerable
(1.0.1f-1ubuntu11.4)
wily
Released (1.0.2d-0ubuntu1.2)
Patches:
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72 (1.0.2)
openssl098
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

vivid Not vulnerable

wily Does not exist