There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
09 Nov 2022, 20:46
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-02 - Third Party Advisory |
16 Oct 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Oct 2022, 02:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* |
|
First Time |
Oracle jd Edwards World Security
Oracle enterprise Manager Ops Center Oracle jd Edwards Enterpriseone Tools Oracle Oracle health Sciences Inform Publisher Oracle peoplesoft Enterprise Peopletools Siemens Siemens sinec Ins |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
13 Sep 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Mar 2022, 16:05
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5103 - Third Party Advisory | |
CPE | cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1l:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:* |
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* |
16 Mar 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Feb 2022, 15:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Openssl
Debian debian Linux Debian Openssl openssl |
|
CPE | cpe:2.3:a:openssl:openssl:1.1.1:pre5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha10:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha9:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1l:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha14:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha13:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha8:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha12:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha11:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha17:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha7:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha16:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha15:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:3.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
References | (CONFIRM) https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb - Patch, Vendor Advisory | |
References | (CONFIRM) https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7 - Broken Link | |
References | (CONFIRM) https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f - Patch, Vendor Advisory | |
References | (CONFIRM) https://www.openssl.org/news/secadv/20220128.txt - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.9 |
28 Jan 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 22:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-4160
Mitre link : CVE-2021-4160
CVE.ORG link : CVE-2021-4160
JSON object : View
Products Affected
oracle
- health_sciences_inform_publisher
- enterprise_manager_ops_center
- jd_edwards_enterpriseone_tools
- jd_edwards_world_security
- peoplesoft_enterprise_peopletools
openssl
- openssl
debian
- debian_linux
siemens
- sinec_ins
CWE