VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-myuq-u3as-g3ah

Essentials
Severities (21)
References (15)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-myuq-u3as-g3ah
Aliases	CVE-2021-4160
Summary	Carry Propagation bug There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701.
Status	Published
Exploitability	0.5
Weighted Severity	5.3
Risk	2.6
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-327	Use of a Broken or Risky Cryptographic Algorithm

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2021-4160
ssvc	Track	https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
ssvc	Track	https://security.gentoo.org/glsa/202210-02
ssvc	Track	https://security.netapp.com/advisory/ntap-20240621-0006/
ssvc	Track	https://www.debian.org/security/2022/dsa-5103
ssvc	Track	https://www.openssl.org/news/secadv/20220128.txt
ssvc	Track	https://www.oracle.com/security-alerts/cpuapr2022.html
ssvc	Track	https://www.oracle.com/security-alerts/cpujul2022.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-4160
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
		https://www.openssl.org/news/secadv/20220128.txt
2048651		https://bugzilla.redhat.com/show_bug.cgi?id=2048651
CVE-2021-4160		https://nvd.nist.gov/vuln/detail/CVE-2021-4160
GLSA-202210-02		https://security.gentoo.org/glsa/202210-02
?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb		https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://security.gentoo.org/glsa/202210-02

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://security.netapp.com/advisory/ntap-20240621-0006/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://www.debian.org/security/2022/dsa-5103

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://www.openssl.org/news/secadv/20220128.txt

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://www.oracle.com/security-alerts/cpuapr2022.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/ Found at https://www.oracle.com/security-alerts/cpujul2022.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.53163
EPSS Score	0.00299
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:49:21.450515+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openssl/CVE-2021-4160.yml	38.0.0