U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2014-0076 Detail

Current Description

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.


View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://advisories.mageia.org/MGASA-2014-0165.html CVE, Inc., Red Hat
http://eprint.iacr.org/2014/140 CVE, Inc., Red Hat
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29 CVE, Inc., Red Hat
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140266410314613&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140317760000786&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140389274407904&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140389355508263&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140448122410568&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140482916501310&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140621259019789&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140752315422991&w=2 CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140904544427729&w=2 CVE, Inc., Red Hat
http://secunia.com/advisories/58492 CVE, Inc., Red Hat
http://secunia.com/advisories/58727 CVE, Inc., Red Hat
http://secunia.com/advisories/58939 CVE, Inc., Red Hat
http://secunia.com/advisories/59040 CVE, Inc., Red Hat
http://secunia.com/advisories/59162 CVE, Inc., Red Hat
http://secunia.com/advisories/59175 CVE, Inc., Red Hat
http://secunia.com/advisories/59264 CVE, Inc., Red Hat
http://secunia.com/advisories/59300 CVE, Inc., Red Hat
http://secunia.com/advisories/59364 CVE, Inc., Red Hat
http://secunia.com/advisories/59374 CVE, Inc., Red Hat
http://secunia.com/advisories/59413 CVE, Inc., Red Hat
http://secunia.com/advisories/59438 CVE, Inc., Red Hat
http://secunia.com/advisories/59445 CVE, Inc., Red Hat
http://secunia.com/advisories/59450 CVE, Inc., Red Hat
http://secunia.com/advisories/59454 CVE, Inc., Red Hat
http://secunia.com/advisories/59490 CVE, Inc., Red Hat
http://secunia.com/advisories/59495 CVE, Inc., Red Hat
http://secunia.com/advisories/59514 CVE, Inc., Red Hat
http://secunia.com/advisories/59655 CVE, Inc., Red Hat
http://secunia.com/advisories/59721 CVE, Inc., Red Hat
http://secunia.com/advisories/60571 CVE, Inc., Red Hat
http://support.apple.com/kb/HT6443 CVE, Inc., Red Hat
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676092 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676424 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676501 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676655 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 CVE, Inc., Red Hat
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067 CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 CVE, Inc., Red Hat
http://www.novell.com/support/kb/doc.php?id=7015264 CVE, Inc., Red Hat
http://www.novell.com/support/kb/doc.php?id=7015300 CVE, Inc., Red Hat
http://www.openssl.org/news/secadv_20140605.txt CVE, Inc., Red Hat
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CVE, Inc., Red Hat
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CVE, Inc., Red Hat
http://www.securityfocus.com/bid/66363 CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2165-1 CVE, Inc., Red Hat
https://bugs.gentoo.org/show_bug.cgi?id=505278 CVE, Inc., Red Hat
https://bugzilla.novell.com/show_bug.cgi?id=869945 CVE, Inc., Red Hat
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 CVE, Inc., Red Hat
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 CVE, Inc., Red Hat

Weakness Enumeration

CWE-ID CWE Name Source
CWE-310 Cryptographic Issues cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

18 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-0076
NVD Published Date:
03/25/2014
NVD Last Modified:
04/12/2025
Source:
Red Hat, Inc.