CVE-2014-3570

Summary

CVE	CVE-2014-3570
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-01-09 02:59:00 UTC
Updated	2026-05-06 22:30:45 UTC
Description	The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:N/A:N

Problem Types: CWE-310 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

AV:N/AC:L/Au:N/C:P/I:N/A:N

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	1.0.0a	All	All	All
Application	Openssl	Openssl	1.0.0b	All	All	All
Application	Openssl	Openssl	1.0.0c	All	All	All
Application	Openssl	Openssl	1.0.0d	All	All	All
Application	Openssl	Openssl	1.0.0e	All	All	All
Application	Openssl	Openssl	1.0.0f	All	All	All
Application	Openssl	Openssl	1.0.0g	All	All	All
Application	Openssl	Openssl	1.0.0h	All	All	All
Application	Openssl	Openssl	1.0.0i	All	All	All
Application	Openssl	Openssl	1.0.0j	All	All	All
Application	Openssl	Openssl	1.0.0k	All	All	All
Application	Openssl	Openssl	1.0.0l	All	All	All
Application	Openssl	Openssl	1.0.0m	All	All	All
Application	Openssl	Openssl	1.0.0n	All	All	All
Application	Openssl	Openssl	1.0.0o	All	All	All
Application	Openssl	Openssl	1.0.1a	All	All	All
Application	Openssl	Openssl	1.0.1b	All	All	All
Application	Openssl	Openssl	1.0.1c	All	All	All
Application	Openssl	Openssl	1.0.1d	All	All	All
Application	Openssl	Openssl	1.0.1e	All	All	All
Application	Openssl	Openssl	1.0.1f	All	All	All
Application	Openssl	Openssl	1.0.1g	All	All	All
Application	Openssl	Openssl	1.0.1h	All	All	All
Application	Openssl	Openssl	1.0.1i	All	All	All
Application	Openssl	Openssl	1.0.1j	All	All	All
Application	Openssl	Openssl	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-3125-1 openssl	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
'[security bulletin] HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
'[security bulletin] HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Executio' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
[security-announce] SUSE-SU-2015:0946-1: important: Security update for	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
'[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerab' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
McAfee KnowledgeBase - McAfee Security Bulletin - FREAK OpenSSL Vulnerability	af854a3a-2127-422b-91ae-364da2661108	kc.mcafee.com
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
Oracle Critical Patch Update - July 2015	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
McAfee KnowledgeBase - McAfee Security Bulletin - Firewall Enterprise update fixes 8 OpenSSL CVEs	af854a3a-2127-422b-91ae-364da2661108	kc.mcafee.com
HP Version Control Repository Manager Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Request Forgery Attacks - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
www.openssl.org/news/secadv_20150108.txt	af854a3a-2127-422b-91ae-364da2661108	www.openssl.org	Vendor Advisory
Oracle Bulletin Board Update - January 2015	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
Oracle Critical Patch Update - October 2015	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
OpenSSL CVE-2014-3570 Unspecified Security Weakness	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Fix for CVE-2014-3570 (with minor bn_asm.c revamp). · a7a44ba · openssl/openssl · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
Oracle Critical Patch Update - July 2016	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
[security-announce] openSUSE-SU-2015:0130-1: important: Security update	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
Oracle Critical Patch Update - April 2015	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
'[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Mu' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
'[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multipl' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
'[security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
[security-announce] SUSE-SU-2015:0578-1: important: Security update for	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
[security-announce] openSUSE-SU-2015:1277-1: important: Security update	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
Oracle Critical Patch Update - October 2017	af854a3a-2127-422b-91ae-364da2661108	www.oracle.com
'[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and ' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products	af854a3a-2127-422b-91ae-364da2661108	tools.cisco.com
Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware	af854a3a-2127-422b-91ae-364da2661108	support.citrix.com
Juniper Networks - 2015-04 Security Bulletin: OpenSSL 8th January 2015 advisory.	af854a3a-2127-422b-91ae-364da2661108	kb.juniper.net
Support / Security / Advisories / / MDVSA-2015:062 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
'[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
'[security bulletin] HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent ru' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
[SECURITY] Fedora 20 Update: openssl-1.0.1e-41.fc20	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
[security-announce] openSUSE-SU-2016:0640-1: important: Security update	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
'[security bulletin] HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
Support / Security / Advisories / / MDVSA-2015:019 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
SA88 : OpenSSL Security Advisory 08-Jan-2015 \| Symantec	af854a3a-2127-422b-91ae-364da2661108	bto.bluecoat.com
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
671109 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2509)