CentOS: CVE-2014-3570: CESA-2015:0066 (openssl)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | January 08, 2015 | December 01, 2016 | July 04, 2017 |
Description
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
References
Solution
centos-upgrade-openssl
Related Vulnerabilities
- HP Systems Insight Manager - HPSBMU03394 (CVE-2014-3570): Linux and Windows, Multiple Vulnerabilities
- SUSE: CVE-2014-3570: SUSE Linux Security Advisory
- ELSA-2015-1197 Moderate: Oracle Linux openssl security update
- Oracle Solaris 11: CVE-2014-3570: Vulnerability in OpenSSL
- DSA-3125-1 openssl -- security update
- Oracle Linux: (CVE-2014-3570) (Multiple Advisories): openssl security update
- RHSA-2015:0066: openssl security update
- Juniper Junos OS: 2015-04 Security Bulletin: OpenSSL 8th January 2015 advisory (JSA10679) (multiple CVEs)
- OS X update for Admin Framework (CVE-2014-3570)
- HP-UX: CVE-2014-3570: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.
- Amazon Linux AMI: Security patch for openssl (ALAS-2015-469) (multiple CVEs)
- HP System Management Homepage - (Multiple Advisories) (CVE-2014-3570): Windows 2003, Multiple Vulnerabilities
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-15:01.openssl) (Multiple CVEs)
- Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (Multiple CVEs)
- ELSA-2015-2616 Moderate: Oracle Linux openssl security update
- ELSA-2015-3010 Important: Oracle Linux openssl security update
- OpenSSL Bignum squaring may produce incorrect results (CVE-2014-3570)
- ELSA-2015-0066 Moderate: Oracle Linux openssl security update
- Alpine Linux: CVE-2014-3570: openssl Security Advisory [08 Jan 2015]
- IBM AIX: openssl_advisory12 (CVE-2014-3570): Vulnerabilities in OpenSSL affects AIX
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products (Multiple CVEs)
- OS X update for OpenSSL (CVE-2014-3570)
- ELSA-2015-0800 Moderate: Oracle Linux openssl security update
- USN-2459-1: OpenSSL vulnerabilities