CVE - CVE-2014-0076

CVE-ID
CVE-2014-0076	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl MISC:58492 URL:http://secunia.com/advisories/58492 MISC:58727 URL:http://secunia.com/advisories/58727 MISC:58939 URL:http://secunia.com/advisories/58939 MISC:59040 URL:http://secunia.com/advisories/59040 MISC:59162 URL:http://secunia.com/advisories/59162 MISC:59175 URL:http://secunia.com/advisories/59175 MISC:59264 URL:http://secunia.com/advisories/59264 MISC:59300 URL:http://secunia.com/advisories/59300 MISC:59364 URL:http://secunia.com/advisories/59364 MISC:59374 URL:http://secunia.com/advisories/59374 MISC:59413 URL:http://secunia.com/advisories/59413 MISC:59438 URL:http://secunia.com/advisories/59438 MISC:59445 URL:http://secunia.com/advisories/59445 MISC:59450 URL:http://secunia.com/advisories/59450 MISC:59454 URL:http://secunia.com/advisories/59454 MISC:59490 URL:http://secunia.com/advisories/59490 MISC:59495 URL:http://secunia.com/advisories/59495 MISC:59514 URL:http://secunia.com/advisories/59514 MISC:59655 URL:http://secunia.com/advisories/59655 MISC:59721 URL:http://secunia.com/advisories/59721 MISC:60571 URL:http://secunia.com/advisories/60571 MISC:66363 URL:http://www.securityfocus.com/bid/66363 MISC:HPSBGN03050 URL:http://marc.info/?l=bugtraq&m=140482916501310&w=2 MISC:HPSBMU03051 URL:http://marc.info/?l=bugtraq&m=140448122410568&w=2 MISC:HPSBMU03056 URL:http://marc.info/?l=bugtraq&m=140389355508263&w=2 MISC:HPSBMU03057 URL:http://marc.info/?l=bugtraq&m=140389274407904&w=2 MISC:HPSBMU03062 URL:http://marc.info/?l=bugtraq&m=140752315422991&w=2 MISC:HPSBMU03074 URL:http://marc.info/?l=bugtraq&m=140621259019789&w=2 MISC:HPSBMU03076 URL:http://marc.info/?l=bugtraq&m=140904544427729&w=2 MISC:HPSBOV03047 URL:http://marc.info/?l=bugtraq&m=140317760000786&w=2 MISC:HPSBUX03046 URL:http://marc.info/?l=bugtraq&m=140266410314613&w=2 MISC:MDVSA-2014:067 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2014:067~~ (Obsolete source) MISC:MDVSA-2015:062 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:062~~ (Obsolete source) MISC:SSRT101590 URL:http://marc.info/?l=bugtraq&m=140266410314613&w=2 MISC:USN-2165-1 URL:http://www.ubuntu.com/usn/USN-2165-1 MISC:http://advisories.mageia.org/MGASA-2014-0165.html URL:http://advisories.mageia.org/MGASA-2014-0165.html MISC:http://eprint.iacr.org/2014/140 URL:http://eprint.iacr.org/2014/140 MISC:http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29 URL:http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29 MISC:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 URL:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 MISC:http://support.apple.com/kb/HT6443 URL:http://support.apple.com/kb/HT6443 MISC:http://www-01.ibm.com/support/docview.wss?uid=isg400001841 URL:http://www-01.ibm.com/support/docview.wss?uid=isg400001841 MISC:http://www-01.ibm.com/support/docview.wss?uid=isg400001843 URL:http://www-01.ibm.com/support/docview.wss?uid=isg400001843 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21673137 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21673137 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21676035 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21676035 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21676062 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21676062 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21676092 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21676092 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21676419 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21676419 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21676424 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21676424 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21676501 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21676501 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21676655 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21676655 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21677695 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21677695 MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21677828 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21677828 MISC:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm URL:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm MISC:http://www.novell.com/support/kb/doc.php?id=7015264 URL:http://www.novell.com/support/kb/doc.php?id=7015264 MISC:http://www.novell.com/support/kb/doc.php?id=7015300 URL:http://www.novell.com/support/kb/doc.php?id=7015300 MISC:http://www.openssl.org/news/secadv_20140605.txt URL:http://www.openssl.org/news/secadv_20140605.txt MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html URL:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html MISC:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html URL:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html MISC:https://bugs.gentoo.org/show_bug.cgi?id=505278 URL:https://bugs.gentoo.org/show_bug.cgi?id=505278 MISC:https://bugzilla.novell.com/show_bug.cgi?id=869945 URL:https://bugzilla.novell.com/show_bug.cgi?id=869945 MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10075 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10075 MISC:openSUSE-SU-2014:0480 URL:http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html MISC:openSUSE-SU-2016:0640 URL:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20131203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)