High severity7.5NVD Advisory· Published Dec 6, 2015· Updated May 6, 2026

CVE-2015-3193

Description

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

Affected products

Node.js/Node.js2 versions
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*+ 1 more
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*range: >=4.0.0,<=4.1.2
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*range: >=4.2.0,<4.2.3
OpenSSL Project/OpenSSL5 versions
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlnvdPatchThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlnvdPatchThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvdPatchThird Party Advisory
fortiguard.com/advisory/openssl-advisory-december-2015nvdThird Party Advisory
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
openssl.org/news/secadv/20151203.txtnvdVendor Advisory
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-opensslnvdThird Party Advisory
www.fortiguard.com/advisory/openssl-advisory-december-2015nvdThird Party Advisory
www.securityfocus.com/bid/78705nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/91787nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034294nvdThird Party AdvisoryVDB Entry
www.slackware.com/security/viewer.phpnvdThird Party Advisory
www.slackware.com/security/viewer.phpnvdThird Party Advisory
www.ubuntu.com/usn/USN-2830-1nvdThird Party Advisory
blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.htmlnvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
kb.isc.org/article/AA-01438nvdThird Party Advisory
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100nvdThird Party Advisory
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.024
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000