Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3193

Опубликовано: 06 дек. 2015
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Средний

Описание

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 4.0.0 (включая) до 4.1.2 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 4.2.0 (включая) до 4.2.3 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 5.0.0 (включая) до 5.1.1 (исключая)
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.20214
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2015-3193

CVSS3: 7.5
ubuntu
больше 9 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

redhat логотип

CVE-2015-3193

redhat
больше 9 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

debian логотип

CVE-2015-3193

CVSS3: 7.5
debian
больше 9 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.p ...

github логотип

GHSA-8m9h-2gxv-h3m7

CVSS3: 7.5
github
около 3 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

fstec логотип

BDU:2020-02958

CVSS3: 7.5
fstec
больше 9 лет назад

Уязвимость функции BN_mod_exp (crypto/bn/asm/x86_64-mont5.pl) библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным

EPSS

Процентиль: 95%
0.20214
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200