Back to search
CVE-2016-0702
Published: Mar 3, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2016-2802690366
vendor-advisory
openSUSE-SU-2016:1242
vendor-advisory
SUSE-SU-2016:1267
vendor-advisory
FEDORA-2016-e6807b3394
vendor-advisory
openSUSE-SU-2016:0638
vendor-advisory
FreeBSD-SA-16:12
vendor-advisory
openSUSE-SU-2016:1239
vendor-advisory
SUSE-SU-2016:0621
vendor-advisory
HPSBGN03563
vendor-advisory
USN-2914-1
vendor-advisory
SUSE-SU-2016:1057
vendor-advisory
openSUSE-SU-2016:1566
vendor-advisory
openSUSE-SU-2016:1241
vendor-advisory
SUSE-SU-2016:1360
vendor-advisory
openSUSE-SU-2016:0720
vendor-advisory
SUSE-SU-2016:0624
vendor-advisory
DSA-3500
vendor-advisory
SUSE-SU-2016:0631
vendor-advisory
SUSE-SU-2016:0617
vendor-advisory
SUSE-SU-2016:1290
vendor-advisory
openSUSE-SU-2016:1273
vendor-advisory
RHSA-2016:2957
vendor-advisory
GLSA-201603-15
vendor-advisory
openSUSE-SU-2016:0628
vendor-advisory
1035133
vdb-entry
SUSE-SU-2016:0620
vendor-advisory
openSUSE-SU-2016:0637
vendor-advisory
openSUSE-SU-2016:0627
vendor-advisory
SUSE-SU-2016:0641
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now