Back to search

Cent OS: CVE-2014-3570: CESA-2015:0066 (openssl)

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	January 08, 2015	December 01, 2016	July 04, 2017

Description

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

APPLE-APPLE-SA-2015-04-08-2
BID-71939
DEBIAN-DSA-3125
MANDRIVA-MDVSA-2015:019
MANDRIVA-MDVSA-2015:062
NVD-CVE-2014-3570
REDHAT-RHSA-2015:0066
REDHAT-RHSA-2015:0849
SUSE-SUSE-SU-2015:0578
SUSE-SUSE-SU-2015:0946
UBUNTU-USN-2459-1

Solution

centos-upgrade-openssl

Related Vulnerabilities

HP Systems Insight Manager - HPSBMU03394 (CVE-2014-3570): Linux and Windows, Multiple Vulnerabilities
SUSE: CVE-2014-3570: SUSE Linux Security Advisory
ELSA-2015-1197 Moderate: Oracle Linux openssl security update
Oracle Solaris 11: CVE-2014-3570: Vulnerability in OpenSSL
DSA-3125-1 openssl -- security update
Oracle Linux: (CVE-2014-3570) (Multiple Advisories): openssl security update
RHSA-2015:0066: openssl security update
Juniper Junos OS: 2015-04 Security Bulletin: OpenSSL 8th January 2015 advisory (JSA10679) (multiple CVEs)
OS X update for Admin Framework (CVE-2014-3570)
HP-UX: CVE-2014-3570: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Amazon Linux AMI: Security patch for openssl (ALAS-2015-469) (multiple CVEs)
HP System Management Homepage - (Multiple Advisories) (CVE-2014-3570): Windows 2003, Multiple Vulnerabilities
FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-15:01.openssl) (Multiple CVEs)
Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (Multiple CVEs)
ELSA-2015-2616 Moderate: Oracle Linux openssl security update
ELSA-2015-3010 Important: Oracle Linux openssl security update
OpenSSL Bignum squaring may produce incorrect results (CVE-2014-3570)
ELSA-2015-0066 Moderate: Oracle Linux openssl security update
Alpine Linux: CVE-2014-3570: openssl Security Advisory [08 Jan 2015]
IBM AIX: openssl_advisory12 (CVE-2014-3570): Vulnerabilities in OpenSSL affects AIX
Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products (Multiple CVEs)
OS X update for OpenSSL (CVE-2014-3570)
ELSA-2015-0800 Moderate: Oracle Linux openssl security update
USN-2459-1: OpenSSL vulnerabilities

Vulnerability & Exploit Database

Cent OS: CVE-2014-3570: CESA-2015:0066 (openssl)

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

Cent OS: CVE-2014-3570: CESA-2015:0066 (openssl)

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch: