cve/CVE-2014-0076.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

POC

Reference

http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/hrbrmstr/internetdb
https://github.com/uvhw/uvhw.bitcoin.js

1.1 KiB Raw Blame History

CVE-2014-0076

Description

POC

Reference

Github

1.1 KiB

Raw Blame History