### [CVE-2014-3570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

### POC

#### Reference
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Purdue-ECE-461/Fuzzing-Assignment
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/uthrasri/CVE-2014-3570
- https://github.com/uthrasri/CVE-2014-3570_G2.5_openssl_no_patch
- https://github.com/uthrasri/Openssl_G2.5_CVE-2014-3570_01
- https://github.com/uthrasri/openssl_G2.5_CVE-2014-3570