CVE-2015-3193

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2e

Description The Montgomery squaring implementation in crypto/bn/asm/x86 64-mont5.pl mishandles carry propagation and produces incorrect output, making it easier for remote attackers to obtain sensitive private-key information via an attack against use of a Diffie-Hellman (DH) or Diffie-Hellman Ephemeral (DHE) ciphersuite. This issue affects the BN mod exp function.

Recommendations For versions 1.0.2 through 1.0.2e, update to version 1.0.2e or later to resolve the issue. As a temporary workaround, consider restricting the use of Diffie-Hellman (DH) or Diffie-Hellman Ephemeral (DHE) ciphersuites until a patch is available.