CVE-2014-0076

Published: Mar 25, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.novell.com/support/kb/doc.php?id=7015300

x_refsource_CONFIRM

59264

third-party-advisory

x_refsource_SECUNIA

59454

third-party-advisory

x_refsource_SECUNIA

66363

vdb-entry

x_refsource_BID

58492

third-party-advisory

x_refsource_SECUNIA

http://www.novell.com/support/kb/doc.php?id=7015264

x_refsource_CONFIRM

https://bugs.gentoo.org/show_bug.cgi?id=505278

x_refsource_CONFIRM

59445

third-party-advisory

x_refsource_SECUNIA

HPSBUX03046

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=swg21676655

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

x_refsource_CONFIRM

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

x_refsource_CONFIRM

HPSBOV03047

vendor-advisory

x_refsource_HP

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

x_refsource_CONFIRM

HPSBMU03074

vendor-advisory

x_refsource_HP

59300

third-party-advisory

x_refsource_SECUNIA

http://advisories.mageia.org/MGASA-2014-0165.html

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

x_refsource_CONFIRM

openSUSE-SU-2014:0480

vendor-advisory

x_refsource_SUSE

59495

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

x_refsource_CONFIRM

openSUSE-SU-2016:0640

vendor-advisory

x_refsource_SUSE

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

x_refsource_CONFIRM

59655

third-party-advisory

x_refsource_SECUNIA

59374

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21676501

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

HPSBMU03057

vendor-advisory

x_refsource_HP

58939

third-party-advisory

x_refsource_SECUNIA

SSRT101590

vendor-advisory

x_refsource_HP

59514

third-party-advisory

x_refsource_SECUNIA

20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

vendor-advisory

x_refsource_CISCO

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

x_refsource_CONFIRM

59438

third-party-advisory

x_refsource_SECUNIA

HPSBGN03050

vendor-advisory

x_refsource_HP

58727

third-party-advisory

x_refsource_SECUNIA

http://www.openssl.org/news/secadv_20140605.txt

x_refsource_CONFIRM

http://support.apple.com/kb/HT6443

x_refsource_CONFIRM

USN-2165-1

vendor-advisory

x_refsource_UBUNTU

HPSBMU03076

vendor-advisory

x_refsource_HP

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

x_refsource_CONFIRM

MDVSA-2014:067

vendor-advisory

x_refsource_MANDRIVA

HPSBMU03062

vendor-advisory

x_refsource_HP

https://bugzilla.novell.com/show_bug.cgi?id=869945

x_refsource_CONFIRM

59040

third-party-advisory

x_refsource_SECUNIA

HPSBMU03056

vendor-advisory

x_refsource_HP

59175

third-party-advisory

x_refsource_SECUNIA

HPSBMU03051

vendor-advisory

x_refsource_HP

59413

third-party-advisory

x_refsource_SECUNIA

59721

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

x_refsource_CONFIRM

MDVSA-2015:062

vendor-advisory

x_refsource_MANDRIVA

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

x_refsource_CONFIRM

59450

third-party-advisory

x_refsource_SECUNIA

59364

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21676424

x_refsource_CONFIRM

60571

third-party-advisory

x_refsource_SECUNIA

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

x_refsource_CONFIRM

59162

third-party-advisory

x_refsource_SECUNIA

59490

third-party-advisory

x_refsource_SECUNIA

http://eprint.iacr.org/2014/140

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-0076

Description

Affected Products

References