CVE-2014-0076
EPSS 0.36%openssl - security update
發布日:2014/3/25修改日:2026/4/28
描述
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
受影響套件(2)
- Debian/opensslfrom 0, < 1.0.1g-1
- Debian/opensslfrom 0, < 0.9.8o-4squeeze15