CVE-2021-4160 | BN_mod_exp may produce incorrect results on MIPS

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).

Published: 2022-01-28 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2021-4160 is rated Moderate Risk (58/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 3.80%). Core evidence: EPSS rose +3.39% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-4160

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.42% 3.80% +3.39%
2 2026-04-20 0.30% 0.42% +0.12%
3 2025-12-28 0.30%

Full EPSS history (25 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-4160

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.9 3.1 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
2.2 3.6 [email protected]
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
8.6 2.9 [email protected]

Weakness enumeration for CVE-2021-4160

OS Trackers for CVE-2021-4160

vendor priority summary link
debian not yet assigned CVE-2021-4160 not yet assigned priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2021-4160
gentoo normal CVE-2021-4160: 1 GLSA(s) (202210-02), 1 atom(s) (dev-libs/openssl); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2021-4160
redhat low https://access.redhat.com/security/cve/CVE-2021-4160
suse medium CVE-2021-4160 severity moderate: SUSE including 19 source package names (compat-openssl098, libopenssl-1_0_0-devel, …), 237 product×package rows across 39 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (39 product lines)): Known Not Affected 237. https://www.suse.com/security/cve/CVE-2021-4160/
ubuntu low CVE-2021-4160 low priority: Ubuntu including 4 source packages (edk2, nodejs, openssl, openssl1.0), 56 status rows across 14 suites (bionic, focal, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 38, DNE 13, needs-triage 4, needed 1. https://ubuntu.com/security/CVE-2021-4160

Affected software / configurations for CVE-2021-4160

Vendor Product Version Raw CPE
openssl openssl >= 1.0.2, <= 1.0.2zb cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl >= 1.1.1, < 1.1.1m cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha1:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha10:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha11:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha12:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha13:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha14:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha15:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha16:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha17:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha2:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha3:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha4:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha5:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha6:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha7:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha8:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:alpha9:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:beta1:*:*:*:*:*:*
openssl openssl 3.0.0 cpe:2.3:a:openssl:openssl:3.0.0:beta2:*:*:*:*:*:*
debian debian_linux 9.0 cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian debian_linux 10.0 cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian debian_linux 11.0 cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
oracle health_sciences_inform_publisher 6.2.1.1 cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:*
oracle health_sciences_inform_publisher 6.3.1.1 cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools 9.2.6.3 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*
oracle jd_edwards_world_security a9.4 cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.59 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
siemens sinec_ins < 1.0 cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
siemens sinec_ins 1.0 cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
siemens sinec_ins 1.0 cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
oracle enterprise_manager_ops_center 12.4.0.0 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*

References for CVE-2021-4160

URL Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
https://security.gentoo.org/glsa/202210-02 Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.debian.org/security/2022/dsa-5103 Third Party Advisory
https://www.openssl.org/news/secadv/20220128.txt Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
cvelogic Threat Intelligence