
CVE-2021-4160: BN_mod_exp may produce incorrect results on MIPS

First published: Fri Jan 28 2022

OpenSSL could provide weaker than expected security because of a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to launch further attacks on the system.

Credit: openssl-security@openssl.org

Affected Software | Affected Version | How to fix
debian/openssl
1.1.1n-0+deb10u3
1.1.1n-0+deb10u6
1.1.1w-0+deb11u1
1.1.1n-0+deb11u5
3.0.11-1~deb12u2
3.1.4-2
OpenSSL OpenSSL | >=1.0.2 <=1.0.2zb
OpenSSL OpenSSL | >=1.1.1 <1.1.1m
OpenSSL OpenSSL | =3.0.0
OpenSSL OpenSSL | =3.0.0-alpha1
OpenSSL OpenSSL | =3.0.0-alpha10
OpenSSL OpenSSL | =3.0.0-alpha11
OpenSSL OpenSSL | =3.0.0-alpha12
OpenSSL OpenSSL | =3.0.0-alpha13
OpenSSL OpenSSL | =3.0.0-alpha14
OpenSSL OpenSSL | =3.0.0-alpha15
OpenSSL OpenSSL | =3.0.0-alpha16
OpenSSL OpenSSL | =3.0.0-alpha17
OpenSSL OpenSSL | =3.0.0-alpha2
OpenSSL OpenSSL | =3.0.0-alpha3
OpenSSL OpenSSL | =3.0.0-alpha4
OpenSSL OpenSSL | =3.0.0-alpha5
OpenSSL OpenSSL | =3.0.0-alpha6
OpenSSL OpenSSL | =3.0.0-alpha7
OpenSSL OpenSSL | =3.0.0-alpha8
OpenSSL OpenSSL | =3.0.0-alpha9
OpenSSL OpenSSL | =3.0.0-beta1
OpenSSL OpenSSL | =3.0.0-beta2
Debian Debian Linux | =9.0
Debian Debian Linux | =10.0
Debian Debian Linux | =11.0
Oracle Health Sciences Inform Publisher | =6.2.1.1
Oracle Health Sciences Inform Publisher | =6.3.1.1
Oracle Jd Edwards Enterpriseone Tools | =9.2.6.3
Oracle Jd Edwards World Security | =a9.4
Oracle PeopleSoft Enterprise PeopleTools | =8.58
Oracle PeopleSoft Enterprise PeopleTools | =8.59
Siemens Sinec Ins | <1.0
Siemens Sinec Ins | =1.0
Siemens Sinec Ins | =1.0-sp1
Oracle Enterprise Manager Ops Center | =12.4.0.0
IBM Cognos Analytics 11.2.x | <=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x | <=IBM Cognos Analytics 11.1.x


Frequently Asked Questions

  • What is CVE-2021-4160?

    CVE-2021-4160 is a vulnerability in OpenSSL that could provide weaker than expected security caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure.

  • What is the severity of CVE-2021-4160?

    The severity of CVE-2021-4160 is medium, with a severity value of 6.7.

  • Which software versions are affected by CVE-2021-4160?

    OpenSSL versions 1.0.2 to 1.0.2zb, 1.1.1 to 1.1.1m, and 3.0.0 are affected by CVE-2021-4160.

  • How can I fix CVE-2021-4160?

    To fix CVE-2021-4160, update OpenSSL to version 1.0.2zc, 1.1.1n, or 3.0.11.

  • Where can I find more information about CVE-2021-4160?

    You can find more information about CVE-2021-4160 in the commitdiff and security advisory links provided.
