CVE-2015-3193 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-3193 REJECTED

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

EPSS 23.63% · 95.9th percentile

Risk Scores

EPSS Score

23.63%

95.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	openssl	0, 1.0.1e-3ubuntu1, 1.0.1e-4ubuntu1

Timeline

CVE Published
Apr 12, 2016 PoC Published
Oct 2, 2020 PoC Published
Nov 6, 2020 PoC Published
Sep 6, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Oct 9, 2024 PoC Published
Dec 12, 2024 PoC Published
Mar 17, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 28, 2025 PoC Published

References

https://ubuntu.com/security/CVE-2015-3193 third-party-advisory
https://www.openssl.org/news/secadv/20151203.txt third-party-advisory
https://ubuntu.com/security/notices/USN-2830-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2015-3193 third-party-advisory
Multiples vulnérabilités dans les produits Siemens advisory

Open in Interactive Console →