Moderate

CVE-2014-3570 - Cryptographic Issues vulnerability in Openssl

Publication: 2015-01-09
Summary

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Classification
CWE-310: Cryptographic Issues

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Openssl Openssl 0.9.8zc
  • Openssl Openssl 1.0.1j
  • Openssl Openssl 1.0.0b
  • Openssl Openssl 1.0.0c
  • Openssl Openssl 1.0.0d
  • Openssl Openssl 1.0.0e
  • Openssl Openssl 1.0.0f
  • Openssl Openssl 1.0.0g
  • Openssl Openssl 1.0.0h
  • Openssl Openssl 1.0.0i
  • Openssl Openssl 1.0.0j
  • Openssl Openssl 1.0.0k
  • Openssl Openssl 1.0.0l
  • Openssl Openssl 1.0.0a
  • Openssl Openssl 1.0.0n
  • Openssl Openssl 1.0.0o
  • Openssl Openssl 1.0.1a
  • Openssl Openssl 1.0.1b
  • Openssl Openssl 1.0.1c
  • Openssl Openssl 1.0.1d
  • Openssl Openssl 1.0.1e
  • Openssl Openssl 1.0.1f
  • Openssl Openssl 1.0.1g
  • Openssl Openssl 1.0.1h
  • Openssl Openssl 1.0.1i
  • Openssl Openssl 1.0.0m

References