CVEs-PoC/2014/CVE-2014-0076.md at 1d6c9cc2d32011b4067709e82e65c19a7c3a8db8

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-10 20:04:58 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

POC

Reference

http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Yuning-J/PatchRank
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/hrbrmstr/internetdb
https://github.com/uvhw/uvhw.bitcoin.js

1.2 KiB Raw Blame History

CVE-2014-0076

Description

POC

Reference

Github

1.2 KiB

Raw Blame History