
CVE-2021-4160: BN_mod_exp may produce incorrect results on MIPS

First published: Fri Jan 28 2022

OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to launch further attacks on the system.

Credit: openssl-security@openssl.org

Affected Software | Affected Version | How to fix
debian/openssl
    1.1.1n-0+deb10u3
    1.1.1n-0+deb10u6
    1.1.1w-0+deb11u1
    1.1.1n-0+deb11u5
    3.0.11-1~deb12u2
    3.1.4-2
OpenSSL libcrypto | >=1.0.2 <=1.0.2zb
OpenSSL libcrypto | >=1.1.1 <1.1.1m
OpenSSL libcrypto | =3.0.0
OpenSSL libcrypto | =3.0.0-alpha1
OpenSSL libcrypto | =3.0.0-alpha10
OpenSSL libcrypto | =3.0.0-alpha11
OpenSSL libcrypto | =3.0.0-alpha12
OpenSSL libcrypto | =3.0.0-alpha13
OpenSSL libcrypto | =3.0.0-alpha14
OpenSSL libcrypto | =3.0.0-alpha15
OpenSSL libcrypto | =3.0.0-alpha16
OpenSSL libcrypto | =3.0.0-alpha17
OpenSSL libcrypto | =3.0.0-alpha2
OpenSSL libcrypto | =3.0.0-alpha3
OpenSSL libcrypto | =3.0.0-alpha4
OpenSSL libcrypto | =3.0.0-alpha5
OpenSSL libcrypto | =3.0.0-alpha6
OpenSSL libcrypto | =3.0.0-alpha7
OpenSSL libcrypto | =3.0.0-alpha8
OpenSSL libcrypto | =3.0.0-alpha9
OpenSSL libcrypto | =3.0.0-beta1
OpenSSL libcrypto | =3.0.0-beta2
Debian GNU/Linux | =9.0
Debian GNU/Linux | =10.0
Debian GNU/Linux | =11.0
oracle health sciences inform publisher | =6.2.1.1
oracle health sciences inform publisher | =6.3.1.1
Oracle JD Edwards EnterpriseOne Tools | =9.2.6.3
oracle jd edwards world security | =a9.4
Oracle PeopleSoft Enterprise PeopleTools | =8.58
Oracle PeopleSoft Enterprise PeopleTools | =8.59
siemens sinec ins | <1.0
siemens sinec ins | =1.0
siemens sinec ins | =1.0-sp1
Oracle Enterprise Manager Ops Center | =12.4.0.0
IBM Cognos Analytics | <=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics | <=IBM Cognos Analytics 11.1.x

Frequently Asked Questions

  • What is CVE-2021-4160?

    CVE-2021-4160 is a vulnerability in OpenSSL that could provide weaker than expected security caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure.

  • What is the severity of CVE-2021-4160?

    The severity of CVE-2021-4160 is medium, with a severity value of 6.7.

  • Which software versions are affected by CVE-2021-4160?

    OpenSSL versions 1.0.2 to 1.0.2zb, 1.1.1 to 1.1.1m, and 3.0.0 are affected by CVE-2021-4160.

  • How can I fix CVE-2021-4160?

    To fix CVE-2021-4160, update OpenSSL to version 1.0.2zc, 1.1.1n, or 3.0.11.

  • Where can I find more information about CVE-2021-4160?

    You can find more information about CVE-2021-4160 in the commitdiff and security advisory links provided.
