Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-3193

Опубликовано: 03 дек. 2015
Источник: redhat
CVSS2: 2.6

Описание

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

Отчет

This issue does not affect the version of OpenSSL as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6opensslNot affected
Red Hat Enterprise Linux 7opensslNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslNot affected
Red Hat JBoss Enterprise Web Server 2opensslNot affected
Red Hat JBoss Enterprise Web Server 3opensslNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1288317OpenSSL: BN_mod_exp may produce incorrect results on x86_64

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-3193

CVSS3: 7.5
ubuntu
больше 9 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

nvd логотип

CVE-2015-3193

CVSS3: 7.5
nvd
больше 9 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

debian логотип

CVE-2015-3193

CVSS3: 7.5
debian
больше 9 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.p ...

github логотип

GHSA-8m9h-2gxv-h3m7

CVSS3: 7.5
github
около 3 лет назад

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

fstec логотип

BDU:2020-02958

CVSS3: 7.5
fstec
больше 9 лет назад

Уязвимость функции BN_mod_exp (crypto/bn/asm/x86_64-mont5.pl) библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным

2.6 Low

CVSS2