Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2572)
SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-35808)
MySQL CVE-2020-2679 Vulnerability (CVE-2020-2679)
WordPress Plugin WP Edit Unspecified Vulnerability (3.0)
WordPress Plugin Contact Form Email Multiple Vulnerabilities (1.2.65)