mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
1.6 KiB
1.6 KiB
CVE-2014-3570
Description
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
POC
Reference
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Purdue-ECE-461/Fuzzing-Assignment
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/uthrasri/CVE-2014-3570
- https://github.com/uthrasri/CVE-2014-3570_G2.5_openssl_no_patch
- https://github.com/uthrasri/Openssl_G2.5_CVE-2014-3570_01
- https://github.com/uthrasri/openssl_G2.5_CVE-2014-3570