gsd-2014-0076
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2014-0076", "description": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.", "id": "GSD-2014-0076", "references": [ "https://www.suse.com/security/cve/CVE-2014-0076.html", "https://www.debian.org/security/2014/dsa-2908", "https://advisories.mageia.org/CVE-2014-0076.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2014-0076" ], "details": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.", "id": "GSD-2014-0076", "modified": "2023-12-13T01:22:44.935441Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "MISC", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "MISC", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "http://support.apple.com/kb/HT6443", "refsource": "MISC", "url": "http://support.apple.com/kb/HT6443" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0165.html", "refsource": "MISC", "url": "http://advisories.mageia.org/MGASA-2014-0165.html" }, { "name": "http://eprint.iacr.org/2014/140", "refsource": "MISC", "url": "http://eprint.iacr.org/2014/140" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29", "refsource": "MISC", "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629", "refsource": "MISC", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629" }, { "name": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "name": "http://secunia.com/advisories/58492", "refsource": "MISC", "url": "http://secunia.com/advisories/58492" }, { "name": "http://secunia.com/advisories/58727", "refsource": "MISC", "url": "http://secunia.com/advisories/58727" }, { "name": "http://secunia.com/advisories/58939", "refsource": "MISC", "url": "http://secunia.com/advisories/58939" }, { "name": "http://secunia.com/advisories/59040", "refsource": "MISC", "url": "http://secunia.com/advisories/59040" }, { "name": "http://secunia.com/advisories/59162", "refsource": "MISC", "url": "http://secunia.com/advisories/59162" }, { "name": "http://secunia.com/advisories/59175", "refsource": "MISC", "url": "http://secunia.com/advisories/59175" }, { "name": "http://secunia.com/advisories/59264", "refsource": "MISC", "url": "http://secunia.com/advisories/59264" }, { "name": "http://secunia.com/advisories/59300", "refsource": "MISC", "url": "http://secunia.com/advisories/59300" }, { "name": "http://secunia.com/advisories/59364", "refsource": "MISC", "url": "http://secunia.com/advisories/59364" }, { "name": "http://secunia.com/advisories/59374", "refsource": "MISC", "url": "http://secunia.com/advisories/59374" }, { "name": "http://secunia.com/advisories/59413", "refsource": "MISC", "url": "http://secunia.com/advisories/59413" }, { "name": "http://secunia.com/advisories/59438", "refsource": "MISC", "url": "http://secunia.com/advisories/59438" }, { "name": "http://secunia.com/advisories/59445", "refsource": "MISC", "url": "http://secunia.com/advisories/59445" }, { "name": "http://secunia.com/advisories/59450", "refsource": "MISC", "url": "http://secunia.com/advisories/59450" }, { "name": "http://secunia.com/advisories/59454", "refsource": "MISC", "url": "http://secunia.com/advisories/59454" }, { "name": "http://secunia.com/advisories/59490", "refsource": "MISC", "url": "http://secunia.com/advisories/59490" }, { "name": "http://secunia.com/advisories/59495", "refsource": "MISC", "url": "http://secunia.com/advisories/59495" }, { "name": "http://secunia.com/advisories/59514", "refsource": "MISC", "url": "http://secunia.com/advisories/59514" }, { "name": "http://secunia.com/advisories/59655", "refsource": "MISC", "url": "http://secunia.com/advisories/59655" }, { "name": "http://secunia.com/advisories/59721", "refsource": "MISC", "url": "http://secunia.com/advisories/59721" }, { "name": "http://secunia.com/advisories/60571", "refsource": "MISC", "url": "http://secunia.com/advisories/60571" }, { "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl", "refsource": "MISC", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm", "refsource": "MISC", "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:067", "refsource": "MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:067" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "refsource": "MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015264", "refsource": "MISC", "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015300", "refsource": "MISC", "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "name": "http://www.openssl.org/news/secadv_20140605.txt", "refsource": "MISC", "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "name": "http://www.securityfocus.com/bid/66363", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/66363" }, { "name": "http://www.ubuntu.com/usn/USN-2165-1", "refsource": "MISC", "url": "http://www.ubuntu.com/usn/USN-2165-1" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=505278", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=505278" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=869945", "refsource": "MISC", "url": "https://bugzilla.novell.com/show_bug.cgi?id=869945" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", "refsource": "MISC", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075", "refsource": "MISC", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0l", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0076" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-310" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.novell.com/show_bug.cgi?id=869945", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.novell.com/show_bug.cgi?id=869945" }, { "name": "http://eprint.iacr.org/2014/140", "refsource": "MISC", "tags": [], "url": "http://eprint.iacr.org/2014/140" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=505278", "refsource": "CONFIRM", "tags": [], "url": "https://bugs.gentoo.org/show_bug.cgi?id=505278" }, { "name": "http://www.openssl.org/news/secadv_20140605.txt", "refsource": "CONFIRM", "tags": [], "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products", "refsource": "CISCO", "tags": [], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "name": "59438", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59438" }, { "name": "http://advisories.mageia.org/MGASA-2014-0165.html", "refsource": "CONFIRM", "tags": [], "url": "http://advisories.mageia.org/MGASA-2014-0165.html" }, { "name": "59450", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59450" }, { "name": "59721", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59721" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "name": "59655", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59655" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "name": "59162", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59162" }, { "name": "58939", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/58939" }, { "name": "MDVSA-2014:067", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:067" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424" }, { "name": "59490", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59490" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "name": "58727", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/58727" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075", "refsource": "CONFIRM", "tags": [], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015300", "refsource": "CONFIRM", "tags": [], "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm", "refsource": "CONFIRM", "tags": [], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "name": "66363", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/66363" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "name": "59514", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59514" }, { "name": "59495", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59495" }, { "name": "59413", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59413" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015264", "refsource": "CONFIRM", "tags": [], "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "name": "59300", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59300" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "name": "60571", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/60571" }, { "name": "http://support.apple.com/kb/HT6443", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT6443" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "MDVSA-2015:062", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "name": "SSRT101590", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "HPSBMU03051", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "name": "HPSBMU03074", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "name": "HPSBGN03050", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "name": "HPSBMU03057", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "name": "HPSBOV03047", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "name": "HPSBMU03076", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "name": "HPSBMU03056", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "name": "HPSBMU03062", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501" }, { "name": "59454", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59454" }, { "name": "59445", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59445" }, { "name": "59374", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59374" }, { "name": "59364", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59364" }, { "name": "59264", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59264" }, { "name": "59175", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59175" }, { "name": "59040", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/59040" }, { "name": "58492", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/58492" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629", "refsource": "CONFIRM", "tags": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "USN-2165-1", "refsource": "UBUNTU", "tags": [], "url": "http://www.ubuntu.com/usn/USN-2165-1" }, { "name": "openSUSE-SU-2014:0480", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html" }, { "name": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29", "refsource": "MISC", "tags": [], "url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false } }, "lastModifiedDate": "2023-02-13T00:31Z", "publishedDate": "2014-03-25T13:25Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.