1.9

CVE-2014-0076

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 1.0.0l
OpenSSLOpenSSL Version0.9.1c
OpenSSLOpenSSL Version0.9.2b
OpenSSLOpenSSL Version0.9.3
OpenSSLOpenSSL Version0.9.3a
OpenSSLOpenSSL Version0.9.4
OpenSSLOpenSSL Version0.9.5
OpenSSLOpenSSL Version0.9.5 Updatebeta1
OpenSSLOpenSSL Version0.9.5 Updatebeta2
OpenSSLOpenSSL Version0.9.5a
OpenSSLOpenSSL Version0.9.5a Updatebeta1
OpenSSLOpenSSL Version0.9.5a Updatebeta2
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.6 Updatebeta1
OpenSSLOpenSSL Version0.9.6 Updatebeta2
OpenSSLOpenSSL Version0.9.6 Updatebeta3
OpenSSLOpenSSL Version0.9.6a
OpenSSLOpenSSL Version0.9.6a Updatebeta1
OpenSSLOpenSSL Version0.9.6a Updatebeta2
OpenSSLOpenSSL Version0.9.6a Updatebeta3
OpenSSLOpenSSL Version0.9.6b
OpenSSLOpenSSL Version0.9.6c
OpenSSLOpenSSL Version0.9.6d
OpenSSLOpenSSL Version0.9.6e
OpenSSLOpenSSL Version0.9.6f
OpenSSLOpenSSL Version0.9.6g
OpenSSLOpenSSL Version0.9.6h
OpenSSLOpenSSL Version0.9.6i
OpenSSLOpenSSL Version0.9.6j
OpenSSLOpenSSL Version0.9.6k
OpenSSLOpenSSL Version0.9.6l
OpenSSLOpenSSL Version0.9.6m
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7 Updatebeta1
OpenSSLOpenSSL Version0.9.7 Updatebeta2
OpenSSLOpenSSL Version0.9.7 Updatebeta3
OpenSSLOpenSSL Version0.9.7 Updatebeta4
OpenSSLOpenSSL Version0.9.7 Updatebeta5
OpenSSLOpenSSL Version0.9.7 Updatebeta6
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.7l
OpenSSLOpenSSL Version0.9.7m
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
OpenSSLOpenSSL Version0.9.8d
OpenSSLOpenSSL Version0.9.8e
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
OpenSSLOpenSSL Version0.9.8h
OpenSSLOpenSSL Version0.9.8i
OpenSSLOpenSSL Version0.9.8j
OpenSSLOpenSSL Version0.9.8k
OpenSSLOpenSSL Version0.9.8l
OpenSSLOpenSSL Version0.9.8m
OpenSSLOpenSSL Version0.9.8m Updatebeta1
OpenSSLOpenSSL Version0.9.8n
OpenSSLOpenSSL Version0.9.8o
OpenSSLOpenSSL Version0.9.8p
OpenSSLOpenSSL Version0.9.8q
OpenSSLOpenSSL Version0.9.8r
OpenSSLOpenSSL Version0.9.8s
OpenSSLOpenSSL Version0.9.8t
OpenSSLOpenSSL Version0.9.8u
OpenSSLOpenSSL Version0.9.8v
OpenSSLOpenSSL Version0.9.8w
OpenSSLOpenSSL Version0.9.8x
OpenSSLOpenSSL Version0.9.8y
OpenSSLOpenSSL Version1.0.0
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
OpenSSLOpenSSL Version1.0.0 Updatebeta5
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.94% 0.563
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://support.apple.com/kb/HT6443
http://advisories.mageia.org/MGASA-2014-0165.html
http://eprint.iacr.org/2014/140
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
http://marc.info/?l=bugtraq&m=140266410314613&w=2
http://marc.info/?l=bugtraq&m=140317760000786&w=2
http://marc.info/?l=bugtraq&m=140389274407904&w=2
http://marc.info/?l=bugtraq&m=140389355508263&w=2
http://marc.info/?l=bugtraq&m=140448122410568&w=2
http://marc.info/?l=bugtraq&m=140482916501310&w=2
http://marc.info/?l=bugtraq&m=140621259019789&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://marc.info/?l=bugtraq&m=140904544427729&w=2
http://secunia.com/advisories/58492
http://secunia.com/advisories/58727
http://secunia.com/advisories/58939
http://secunia.com/advisories/59040
http://secunia.com/advisories/59162
http://secunia.com/advisories/59175
http://secunia.com/advisories/59264
http://secunia.com/advisories/59300
http://secunia.com/advisories/59364
http://secunia.com/advisories/59374
http://secunia.com/advisories/59413
http://secunia.com/advisories/59438
http://secunia.com/advisories/59445
http://secunia.com/advisories/59450
http://secunia.com/advisories/59454
http://secunia.com/advisories/59490
http://secunia.com/advisories/59495
http://secunia.com/advisories/59514
http://secunia.com/advisories/59655
http://secunia.com/advisories/59721
http://secunia.com/advisories/60571
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676424
http://www-01.ibm.com/support/docview.wss?uid=swg21676501
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.novell.com/support/kb/doc.php?id=7015264
http://www.novell.com/support/kb/doc.php?id=7015300
http://www.openssl.org/news/secadv_20140605.txt
http://www.securityfocus.com/bid/66363
http://www.ubuntu.com/usn/USN-2165-1
https://bugs.gentoo.org/show_bug.cgi?id=505278
https://bugzilla.novell.com/show_bug.cgi?id=869945
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kc.mcafee.com/corporate/index?page=content&id=SB10075