For certain inputs OpenSSL’s BN_mod_exp function (which is used for RSA and Diffie Hellman) can produce wrong results.
The issue has been fixed by OpenSSL and rated moderate severity:
https://openssl.org/news/secadv/20151203.txt
A code example is here:
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2015-3193-openssl-vs-gcrypt-modexp.c
Some more info:
https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html