CVE-2021-4160
Severity
5.9 MEDIUM
EPSS
0.3%
top 46.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 28
Latest update: Apr 15
Description
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficu…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 9 packages
CVEListV5, openssl/openssl: Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb), Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l), Fixed in OpenSSL 3.0.1 (Affected 3.0.0) +2
Also affects: Debian Linux 10.0, 11.0, 9.0
Patches
Vulnerability Details (3)
Vendor Advisories (4)
Debian
CVE-2021-4160: openssl - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Ma... (2021)