CVE-2015-3193

Published: 06/12/2015 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 prior to 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote malicious users to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

Vulnerable Product

openssl openssl 1.0.2a

openssl openssl 1.0.2b

openssl openssl 1.0.2c

openssl openssl 1.0.2

openssl openssl 1.0.2d

nodejs node.js

canonical ubuntu linux 15.10

canonical ubuntu linux 15.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

Vendor Advisories

Several security issues were fixed in OpenSSL ...
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffi ...
On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This advisory will be updated as addi ...

Exploits

Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

Github Repositories

Code to fuzz bignum libraries

bignum-fuzz: Code to fuzz bignum libraries.

CVE-2015-3193-openssl-vs-gcrypt-modexpc: This is a simple test that will do a calculation that some versions of OpenSSL will get wrong and compare the result with libgcrypt.

openssl-vs-gcrypt-modexpc: This is a sample code to fuzz the BN_mod_exp() function of OpenSSL and the gcry_mpi_powm() function of libgcrypt. Usage instructions are

References

CWE-200
http://openssl.org/news/secadv/20151203.txt
https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html
https://bugzilla.redhat.com/show_bug.cgi?id=1288317
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
http://www.fortiguard.com/advisory/openssl-advisory-december-2015
http://www.ubuntu.com/usn/USN-2830-1
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://kb.isc.org/article/AA-01438
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
http://www.securitytracker.com/id/1034294
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/78705
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d73cc256c8e256c32ed959456101b73ba9842f72
https://usn.ubuntu.com/2830-1/
https://nvd.nist.gov
https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21