CVE Vulnerabilities

CVE-2014-3570

Published: Jan 09, 2015 | Modified: Nov 15, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Affected Software

Name Vendor Start Version End Version
Openssl Openssl 1.0.1j 1.0.1j
Openssl Openssl 1.0.0n 1.0.0n
Openssl Openssl 1.0.0c 1.0.0c
Openssl Openssl 1.0.0i 1.0.0i
Openssl Openssl 1.0.1h 1.0.1h
Openssl Openssl 1.0.0m 1.0.0m
Openssl Openssl 1.0.1c 1.0.1c
Openssl Openssl 1.0.1g 1.0.1g
Openssl Openssl 1.0.0h 1.0.0h
Openssl Openssl 1.0.0e 1.0.0e
Openssl Openssl 1.0.0f 1.0.0f
Openssl Openssl 1.0.0d 1.0.0d
Openssl Openssl 1.0.0j 1.0.0j
Openssl Openssl 1.0.1a 1.0.1a
Openssl Openssl 1.0.0o 1.0.0o
Openssl Openssl * 0.9.8zc
Openssl Openssl 1.0.1d 1.0.1d
Openssl Openssl 1.0.0k 1.0.0k
Openssl Openssl 1.0.1b 1.0.1b
Openssl Openssl 1.0.1e 1.0.1e
Openssl Openssl 1.0.1f 1.0.1f
Openssl Openssl 1.0.0l 1.0.0l
Openssl Openssl 1.0.0a 1.0.0a
Openssl Openssl 1.0.1i 1.0.1i
Openssl Openssl 1.0.0b 1.0.0b
Openssl Openssl 1.0.0g 1.0.0g

References