Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-3570

Disclosure Date: January 09, 2015
CVE-2014-3570
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • openssl

Products

  • openssl,
  • openssl 1.0.0a,
  • openssl 1.0.0b,
  • openssl 1.0.0c,
  • openssl 1.0.0d,
  • openssl 1.0.0e,
  • openssl 1.0.0f,
  • openssl 1.0.0g,
  • openssl 1.0.0h,
  • openssl 1.0.0i,
  • openssl 1.0.0j,
  • openssl 1.0.0k,
  • openssl 1.0.0l,
  • openssl 1.0.0m,
  • openssl 1.0.0n,
  • openssl 1.0.0o,
  • openssl 1.0.1a,
  • openssl 1.0.1b,
  • openssl 1.0.1c,
  • openssl 1.0.1d,
  • openssl 1.0.1e,
  • openssl 1.0.1f,
  • openssl 1.0.1g,
  • openssl 1.0.1h,
  • openssl 1.0.1i,
  • openssl 1.0.1j

References

Canonical
CVE-2014-3570 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570)
BID-71939 (http://www.securityfocus.com/bid/71939)
Advisory
HPSBOV03318 (http://marc.info?l=bugtraq&m=142895206924048&w=2)
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl)
HPSBGN03299 (http://marc.info?l=bugtraq&m=142720981827617&w=2)
HPSBMU03409 (http://marc.info?l=bugtraq&m=144050155601375&w=2)
https://support.apple.com/HT204659
https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
HPSBMU03380 (http://marc.info?l=bugtraq&m=143748090628601&w=2)
http://rhn.redhat.com/errata/RHSA-2015-0849.html
FEDORA-2015-0601 (http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html)
SECTRACK-1033378 (http://www.securitytracker.com/id/1033378)
HPSBHF03289 (http://marc.info?l=bugtraq&m=142721102728110&w=2)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://www.openssl.org/news/secadv_20150108.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://rhn.redhat.com/errata/RHSA-2015-0066.html
HPSBUX03244 (http://marc.info?l=bugtraq&m=142496289803847&w=2)
APPLE-SA-2015-04-08-2 (http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html)
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
HPSBMU03397 (http://marc.info?l=bugtraq&m=144050297101809&w=2)
http://rhn.redhat.com/errata/RHSA-2016-1650.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
HPSBMU03396 (http://marc.info?l=bugtraq&m=144050205101530&w=2)
HPSBUX03162 (http://marc.info?l=bugtraq&m=142496179803395&w=2)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
https://support.citrix.com/article/CTX216642
HPSBMU03413 (http://marc.info?l=bugtraq&m=144050254401665&w=2)
https://bto.bluecoat.com/security-advisory/sa88
DSA-3125 (http://www.debian.org/security/2015/dsa-3125)
FEDORA-2015-0512 (http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis