CVE-2014-0076
Detail
Deferred
This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Current Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
View Analysis Description
Analysis
Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for remote attackers to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected] .
URL
Source(s)
Tag(s)
http://advisories.mageia.org/MGASA-2014-0165.html
CVE, Inc., Red Hat
http://eprint.iacr.org/2014/140
CVE, Inc., Red Hat
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
CVE, Inc., Red Hat
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140266410314613&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140317760000786&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140389274407904&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140389355508263&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140448122410568&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140482916501310&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140621259019789&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140752315422991&w=2
CVE, Inc., Red Hat
http://marc.info/?l=bugtraq&m=140904544427729&w=2
CVE, Inc., Red Hat
http://secunia.com/advisories/58492
CVE, Inc., Red Hat
http://secunia.com/advisories/58727
CVE, Inc., Red Hat
http://secunia.com/advisories/58939
CVE, Inc., Red Hat
http://secunia.com/advisories/59040
CVE, Inc., Red Hat
http://secunia.com/advisories/59162
CVE, Inc., Red Hat
http://secunia.com/advisories/59175
CVE, Inc., Red Hat
http://secunia.com/advisories/59264
CVE, Inc., Red Hat
http://secunia.com/advisories/59300
CVE, Inc., Red Hat
http://secunia.com/advisories/59364
CVE, Inc., Red Hat
http://secunia.com/advisories/59374
CVE, Inc., Red Hat
http://secunia.com/advisories/59413
CVE, Inc., Red Hat
http://secunia.com/advisories/59438
CVE, Inc., Red Hat
http://secunia.com/advisories/59445
CVE, Inc., Red Hat
http://secunia.com/advisories/59450
CVE, Inc., Red Hat
http://secunia.com/advisories/59454
CVE, Inc., Red Hat
http://secunia.com/advisories/59490
CVE, Inc., Red Hat
http://secunia.com/advisories/59495
CVE, Inc., Red Hat
http://secunia.com/advisories/59514
CVE, Inc., Red Hat
http://secunia.com/advisories/59655
CVE, Inc., Red Hat
http://secunia.com/advisories/59721
CVE, Inc., Red Hat
http://secunia.com/advisories/60571
CVE, Inc., Red Hat
http://support.apple.com/kb/HT6443
CVE, Inc., Red Hat
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676424
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676501
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
CVE, Inc., Red Hat
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
CVE, Inc., Red Hat
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
CVE, Inc., Red Hat
http://www.novell.com/support/kb/doc.php?id=7015264
CVE, Inc., Red Hat
http://www.novell.com/support/kb/doc.php?id=7015300
CVE, Inc., Red Hat
http://www.openssl.org/news/secadv_20140605.txt
CVE, Inc., Red Hat
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
CVE, Inc., Red Hat
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CVE, Inc., Red Hat
http://www.securityfocus.com/bid/66363
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/USN-2165-1
CVE, Inc., Red Hat
https://bugs.gentoo.org/show_bug.cgi?id=505278
CVE, Inc., Red Hat
https://bugzilla.novell.com/show_bug.cgi?id=869945
CVE, Inc., Red Hat
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
CVE, Inc., Red Hat
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
CVE, Inc., Red Hat
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-310
Cryptographic Issues
NIST
Change History
18 change records found show changes
CVE Modified by CVE 11/20/2024 9:01:18 PM
Action
Type
Old Value
New Value
Added
Reference
http://advisories.mageia.org/MGASA-2014-0165.html
Added
Reference
http://eprint.iacr.org/2014/140
Added
Reference
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
Added
Reference
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Added
Reference
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
Added
Reference
http://marc.info/?l=bugtraq&m=140266410314613&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140266410314613&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140317760000786&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140389274407904&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140389355508263&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140448122410568&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140482916501310&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140621259019789&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140752315422991&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140904544427729&w=2
Added
Reference
http://secunia.com/advisories/58492
Added
Reference
http://secunia.com/advisories/58727
Added
Reference
http://secunia.com/advisories/58939
Added
Reference
http://secunia.com/advisories/59040
Added
Reference
http://secunia.com/advisories/59162
Added
Reference
http://secunia.com/advisories/59175
Added
Reference
http://secunia.com/advisories/59264
Added
Reference
http://secunia.com/advisories/59300
Added
Reference
http://secunia.com/advisories/59364
Added
Reference
http://secunia.com/advisories/59374
Added
Reference
http://secunia.com/advisories/59413
Added
Reference
http://secunia.com/advisories/59438
Added
Reference
http://secunia.com/advisories/59445
Added
Reference
http://secunia.com/advisories/59450
Added
Reference
http://secunia.com/advisories/59454
Added
Reference
http://secunia.com/advisories/59490
Added
Reference
http://secunia.com/advisories/59495
Added
Reference
http://secunia.com/advisories/59514
Added
Reference
http://secunia.com/advisories/59655
Added
Reference
http://secunia.com/advisories/59721
Added
Reference
http://secunia.com/advisories/60571
Added
Reference
http://support.apple.com/kb/HT6443
Added
Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676424
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676501
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
Added
Reference
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
Added
Reference
http://www.novell.com/support/kb/doc.php?id=7015264
Added
Reference
http://www.novell.com/support/kb/doc.php?id=7015300
Added
Reference
http://www.openssl.org/news/secadv_20140605.txt
Added
Reference
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Added
Reference
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Added
Reference
http://www.securityfocus.com/bid/66363
Added
Reference
http://www.ubuntu.com/usn/USN-2165-1
Added
Reference
https://bugs.gentoo.org/show_bug.cgi?id=505278
Added
Reference
https://bugzilla.novell.com/show_bug.cgi?id=869945
Added
Reference
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
Added
Reference
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
CVE Modified by Red Hat, Inc. 5/13/2024 11:06:15 PM
Action
Type
Old Value
New Value
CVE Modified by Red Hat, Inc. 2/12/2023 7:31:13 PM
Action
Type
Old Value
New Value
Added
Reference
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29 [No Types Assigned]
Removed
Reference
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29 [No Types Assigned]
CVE Modified by Red Hat, Inc. 12/15/2017 9:29:02 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html [No Types Assigned]
Added
Reference
http://www.ubuntu.com/usn/USN-2165-1 [No Types Assigned]
CVE Modified by Red Hat, Inc. 10/19/2017 9:29:01 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html [No Types Assigned]
CVE Modified by Red Hat, Inc. 1/18/2017 9:59:00 PM
Action
Type
Old Value
New Value
Removed
Reference
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]
CVE Modified by Red Hat, Inc. 1/06/2017 9:59:15 PM
Action
Type
Old Value
New Value
Added
Reference
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/58492 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/59040 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/59175 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/59264 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/59364 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/59374 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/59445 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/59454 [No Types Assigned]
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676501 [No Types Assigned]
Added
Reference
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]
CVE Modified by Red Hat, Inc. 12/02/2016 10:00:55 PM
Action
Type
Old Value
New Value
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html [No Types Assigned]
CVE Modified by Red Hat, Inc. 10/11/2016 9:59:15 PM
Action
Type
Old Value
New Value
Added
Reference
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
CVE Modified by Red Hat, Inc. 8/22/2016 10:06:37 PM
Action
Type
Old Value
New Value
Added
Reference
http://marc.info/?l=bugtraq&m=140266410314613&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140317760000786&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140389274407904&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140389355508263&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140448122410568&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140482916501310&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140621259019789&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140752315422991&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140904544427729&w=2
Modified Analysis by NIST 7/08/2016 1:20:53 PM
Action
Type
Old Value
New Value
Added
CVSS V2
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
Removed
CVSS V2
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE Translated by NIST 6/17/2016 7:45:02 AM
Action
Type
Old Value
New Value
Added
Translation
La implementación de la escala Montgomery en OpenSSL hasta la versión 1.0.0l no asegura que ciertas operaciones de intercambio tengan un comportamiento constante en el tiempo, lo que facilita a usuarios locales obtener nonces ECDSA a través de un ataque de caché de canal lateral FLUSH+RELOAD.
Removed
Translation
La implementación Montgomery Ladder en OpenSSL hasta 1.0.0l no asegura que ciertas operaciones de intercambio tiene un comportamiento de tiempo constante, lo que facilita a atacantes remotos obtener cadenas de caracteres de un sólo uso ECDSA a través de un ataque de canal lateral de caché FLUSH+RELOAD.
CVE Modified by Red Hat, Inc. 6/16/2016 9:59:44 PM
Action
Type
Old Value
New Value
Removed
Reference
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
Removed
Reference
http://seclists.org/fulldisclosure/2015/Apr/5
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded
CVE Modified by Red Hat, Inc. 5/15/2015 9:59:18 PM
Action
Type
Old Value
New Value
Added
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
CVE Modified by Red Hat, Inc. 4/14/2015 9:59:56 PM
Action
Type
Old Value
New Value
Added
Reference
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
Added
Reference
http://seclists.org/fulldisclosure/2015/Apr/5
Added
Reference
http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded
CVE Modified by Red Hat, Inc. 3/31/2015 9:59:07 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
CVE Modified by Red Hat, Inc. 1/22/2015 9:00:06 AM
Action
Type
Old Value
New Value
Added
Reference
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Initial CVE Analysis 3/25/2014 10:32:53 AM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2014-0076 NVD
Published Date: 03/25/2014 NVD
Last Modified: 04/12/2025
Source: Red Hat, Inc.