CVE-2014-3570

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8zd OpenSSL versions prior to 1.0.0p OpenSSL versions prior to 1.0.1k

Description The BN sqr implementation in OpenSSL does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Multiple vulnerabilities in the OpenSSL package may lead to a denial of service condition or allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerabilities can be exploited remotely.

Recommendations For versions prior to 0.9.8zd, update to version 0.9.8zd or later. For versions prior to 1.0.0p, update to version 1.0.0p or later. For versions prior to 1.0.1k, update to version 1.0.1k or later.