Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
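The difference between a secret-dependent swap and a constant-time one, as an added example (not OpenSSL's code and not part of this advisory). It uses a toy Montgomery ladder for modular exponentiation on 64-bit words rather than the elliptic-curve ladder; all function names are hypothetical and the modulus is assumed to be below 2^32.

```c
#include <stdint.h>

/* Leaky: branches on the secret bit, so the executed code path and the
   memory touched depend on it. A cache side channel can observe this. */
static void swap_branch(uint64_t *a, uint64_t *b, uint64_t bit) {
    if (bit) { uint64_t t = *a; *a = *b; *b = t; }
}

/* Constant-time: identical instructions and memory accesses for bit 0 and 1. */
static void swap_ct(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t mask = (uint64_t)0 - (bit & 1);   /* all ones when bit == 1 */
    uint64_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

typedef void (*swap_fn)(uint64_t *, uint64_t *, uint64_t);

/* Assumption: m < 2^32, so the product of two reduced values fits in 64 bits. */
static uint64_t mulmod(uint64_t x, uint64_t y, uint64_t m) {
    return (x * y) % m;
}

/* Montgomery ladder for g^k mod m. Every key bit costs one multiply and one
   square; only the conditional swap depends on the bit's value. */
uint64_t ladder_pow(uint64_t g, uint64_t k, uint64_t m, swap_fn cswap) {
    uint64_t r0 = 1 % m, r1 = g % m;           /* invariant: r1 == r0 * g */
    for (int i = 63; i >= 0; i--) {
        uint64_t bit = (k >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        cswap(&r0, &r1, bit);
    }
    return r0;
}

/* Both swaps give the same result; only their side-channel profile differs. */
int ladders_agree(uint64_t g, uint64_t k, uint64_t m) {
    return ladder_pow(g, k, m, swap_branch) == ladder_pow(g, k, m, swap_ct);
}

int main(void) { return ladders_agree(3, 65536, 65537) ? 0 : 1; }
```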
Remediation
References