{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T04:45:23.707","vulnerabilities":[{"cve":{"id":"CVE-2021-4160","sourceIdentifier":"openssl-security@openssl.org","published":"2022-01-28T22:15:15.133","lastModified":"2024-11-21T06:37:02.273","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb)."},{"lang":"es","value":"Se presenta un bug de propagación carry en el procedimiento de cuadratura de MIPS32 y MIPS64. Muchos algoritmos de la CE están afectados, incluyendo algunas de las curvas por defecto de TLS versión 1.3. El impacto no es analizado en detalle, porque los requisitos previos para el ataque son considerados poco probables e incluyen el reuso de claves privadas. El análisis sugiere que los ataques contra RSA y DSA como resultado de este defecto serían muy difíciles de llevar a cabo y no se consideran probables. Los ataques contra DH se consideran apenas factibles (aunque muy difíciles) porque la mayor parte del trabajo necesario para deducir información sobre una clave privada puede llevarse a cabo fuera de línea. La cantidad de recursos necesarios para un ataque de este tipo sería significativa. Sin embargo, para que un ataque a TLS tenga sentido, el servidor tendría que compartir la clave privada DH entre múltiples clientes, lo que ya no es una opción desde CVE-2016-0701. Este problema afecta a OpenSSL versiones 1.0.2, 1.1.1 y 3.0.0. Se ha abordado en versiones 1.1.1m y 3.0.1 el 15 de diciembre de 2021. En el caso de la versión 1.0.2, ha sido  abordada en el commit 6fc1aaaf3 de git, que sólo está disponible para los clientes de soporte premium. Estará disponible en la versión 1.0.2zc cuando sea publicada. El problema sólo afecta a OpenSSL en plataformas MIPS. Corregido en OpenSSL versión 3.0.1 (Afectado  versión 3.0.0). Corregido en OpenSSL versión 1.1.1m (Afectado versión 1.1.1-1.1.1l). Corregido en OpenSSL versión 1.0.2zc-dev (Afectado versión 1.0.2-1.0.2zb)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndIncluding":"1.0.2zb","matchCriteriaId":"C0637240-BA4E-4B83-9E47-5418B2B8E76F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1m","matchCriteriaId":"6314E930-4FD0-42E6-8953-75205248D0C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*","matchCriteriaId":"07D64A21-359E-40B7-8636-7E76D7466263"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"548C088E-7123-4825-B752-4DEA6A421766"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha10:*:*:*:*:*:*","matchCriteriaId":"94E6E480-5E0C-4BDA-B904-38A8E025A38E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha11:*:*:*:*:*:*","matchCriteriaId":"68C330BD-0089-43E1-A5A7-89478D699FCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha12:*:*:*:*:*:*","matchCriteriaId":"EDDBB564-F8B3-4354-92DD-CBA482E01F55"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha13:*:*:*:*:*:*","matchCriteriaId":"FA41AD12-87F2-4F8F-9D92-BD141D1BB5CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha14:*:*:*:*:*:*","matchCriteriaId":"C7276F4F-2520-4477-9D52-7BEB6188A714"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha15:*:*:*:*:*:*","matchCriteriaId":"A0B98C2A-2B8B-406F-8881-455640624D9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha16:*:*:*:*:*:*","matchCriteriaId":"408C7AFA-F4ED-4D36-91BD-E621D056F0F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha17:*:*:*:*:*:*","matchCriteriaId":"96457E9D-6EFC-4FB9-AAF5-A9A27B519BE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"31593C1F-A2EA-4A47-8027-397C79EC9E30"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"C47AA30A-71D5-4AA4-9C0C-794B2705FE7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"7F4EAFB3-1345-4B67-8859-3EB1DFD23C59"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha5:*:*:*:*:*:*","matchCriteriaId":"D0F3FCF6-136F-4FF8-BB1D-B5D08E6C246C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha6:*:*:*:*:*:*","matchCriteriaId":"3438FAA2-AEBC-4A32-8E33-3035EE392CFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha7:*:*:*:*:*:*","matchCriteriaId":"1AF93A67-34DE-44FC-9402-60048ADE8F1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha8:*:*:*:*:*:*","matchCriteriaId":"26ED655F-95C7-4A29-A0A1-F40C3150B36F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:alpha9:*:*:*:*:*:*","matchCriteriaId":"8D6A2277-07F5-4D0F-BB36-268D0C449051"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"72F6B7A7-BCD5-42BE-A77A-B4A4CB3540B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:3.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"A6F74415-4AD7-47E0-8792-F971E655954F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"2F12453B-0E7B-46B9-ADEC-0AC5EDC41058"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5D105A5B-0AA8-4782-B804-CB1384F85884"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*","matchCriteriaId":"4A87D1B6-87DF-4BC6-9C3E-F3AA47E22C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*","matchCriteriaId":"0B1CAD50-749F-4ADB-A046-BF3585677A58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","matchCriteriaId":"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*","matchCriteriaId":"C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0","matchCriteriaId":"C89891C1-DFD7-4E1F-80A9-7485D86A15B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*","matchCriteriaId":"4664B195-AF14-4834-82B3-0B2C98020EB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*","matchCriteriaId":"75BC588E-CDF0-404E-AD61-02093A1DF343"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B095CC03-7077-4A58-AB25-CC5380CDCE5A"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","source":"openssl-security@openssl.org","tags":["Third Party Advisory"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f","source":"openssl-security@openssl.org"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7","source":"openssl-security@openssl.org"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb","source":"openssl-security@openssl.org"},{"url":"https://security.gentoo.org/glsa/202210-02","source":"openssl-security@openssl.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"openssl-security@openssl.org"},{"url":"https://www.debian.org/security/2022/dsa-5103","source":"openssl-security@openssl.org","tags":["Third Party Advisory"]},{"url":"https://www.openssl.org/news/secadv/20220128.txt","source":"openssl-security@openssl.org","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"openssl-security@openssl.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"openssl-security@openssl.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202210-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2022/dsa-5103","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.openssl.org/news/secadv/20220128.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}