CVE-2014-3570
openssl - security update
EPSS 7.3%
Description
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
How to fix CVE-2014-3570
To remediate CVE-2014-3570, upgrade the affected package to one of the fixed versions listed below.
- Debian/openssl—upgrade to 1.0.1k-1 or later
- Debian/openssl—upgrade to 0.9.8o-4squeeze19 or later
Is CVE-2014-3570 being exploited?
Moderate — EPSS is 7.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.0.1k-1
- from 0, < 0.9.8o-4squeeze19