CVE-2014-0076
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0040 (0.4%)
Percentil: 60.4%
EPSS: 2026-05-06
Afecta
openssl:opensslDescripción técnica
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Publicada: 25/3/2014, 13:25:21
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://advisories.mageia.org/MGASA-2014-0165.html
- http://eprint.iacr.org/2014/140
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
- http://marc.info/?l=bugtraq&m=140266410314613&w=2
- http://marc.info/?l=bugtraq&m=140317760000786&w=2