The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 prior to 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote malicious users to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 1.0.2 |
||
openssl openssl 1.0.2a |
||
openssl openssl 1.0.2b |
||
openssl openssl 1.0.2c |
||
openssl openssl 1.0.2d |
||
nodejs node.js |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 15.10 |