1.9
LOW
CVE-2014-0076
OpenSSL Montgomery Ladder ECDSA Nonce Timing Side Channel Vulnerability
Description

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

INFO

Published Date :

March 25, 2014, 1:25 p.m.

Last Modified :

Feb. 13, 2023, 12:31 a.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

2.9

Exploitability Score :

3.4
Public PoC/Exploit Available at Github

CVE-2014-0076 has a 3 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2014-0076 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Openssl openssl
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2014-0076.

URL Resource
http://advisories.mageia.org/MGASA-2014-0165.html
http://eprint.iacr.org/2014/140
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
http://marc.info/?l=bugtraq&m=140266410314613&w=2
http://marc.info/?l=bugtraq&m=140317760000786&w=2
http://marc.info/?l=bugtraq&m=140389274407904&w=2
http://marc.info/?l=bugtraq&m=140389355508263&w=2
http://marc.info/?l=bugtraq&m=140448122410568&w=2
http://marc.info/?l=bugtraq&m=140482916501310&w=2
http://marc.info/?l=bugtraq&m=140621259019789&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://marc.info/?l=bugtraq&m=140904544427729&w=2
http://secunia.com/advisories/58492
http://secunia.com/advisories/58727
http://secunia.com/advisories/58939
http://secunia.com/advisories/59040
http://secunia.com/advisories/59162
http://secunia.com/advisories/59175
http://secunia.com/advisories/59264
http://secunia.com/advisories/59300
http://secunia.com/advisories/59364
http://secunia.com/advisories/59374
http://secunia.com/advisories/59413
http://secunia.com/advisories/59438
http://secunia.com/advisories/59445
http://secunia.com/advisories/59450
http://secunia.com/advisories/59454
http://secunia.com/advisories/59490
http://secunia.com/advisories/59495
http://secunia.com/advisories/59514
http://secunia.com/advisories/59655
http://secunia.com/advisories/59721
http://secunia.com/advisories/60571
http://support.apple.com/kb/HT6443
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676424
http://www-01.ibm.com/support/docview.wss?uid=swg21676501
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.novell.com/support/kb/doc.php?id=7015264
http://www.novell.com/support/kb/doc.php?id=7015300
http://www.openssl.org/news/secadv_20140605.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/66363
http://www.ubuntu.com/usn/USN-2165-1
https://bugs.gentoo.org/show_bug.cgi?id=505278
https://bugzilla.novell.com/show_bug.cgi?id=869945
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kc.mcafee.com/corporate/index?page=content&id=SB10075

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
chnzzh/OpenSSL-CVE-lib

None

Updated: 2 months, 2 weeks ago
5 stars 0 fork 0 watcher
Born at : Feb. 23, 2023, 5:42 a.m. This repo has been linked 455 different CVEs too.
Profile Photo
hrbrmstr/internetdb

Fast IP Lookups for Open Ports and Vulnerabilities

r rstats shodan shodan-api

R

Updated: 5 months, 3 weeks ago
3 stars 1 fork 1 watcher
Born at : June 20, 2022, 1:53 p.m. This repo has been linked 50 different CVEs too.
Profile Photo
uvhw/uvhw.bitcoin.js

uvhw.bitcoin.js

C++ Makefile Shell M4 C Python Batchfile Scheme QMake CMake

Updated: 3 months, 1 week ago
3 stars 0 fork 0 watcher
Born at : April 13, 2022, 2:35 a.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2014-0076 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2014-0076 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Feb. 13, 2023

    Action Type Old Value New Value
    Removed Reference http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29 [No Types Assigned]
    Added Reference http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 16, 2017

    Action Type Old Value New Value
    Added Reference http://www.ubuntu.com/usn/USN-2165-1 [No Types Assigned]
    Added Reference http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 20, 2017

    Action Type Old Value New Value
    Added Reference http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html [No Types Assigned]
  • CVE Modified by [email protected]

    Jan. 19, 2017

    Action Type Old Value New Value
    Removed Reference https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]
  • CVE Modified by [email protected]

    Jan. 07, 2017

    Action Type Old Value New Value
    Added Reference https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]
    Added Reference http://www-01.ibm.com/support/docview.wss?uid=swg21676501 [No Types Assigned]
    Added Reference http://secunia.com/advisories/59454 [No Types Assigned]
    Added Reference http://secunia.com/advisories/59445 [No Types Assigned]
    Added Reference http://secunia.com/advisories/59374 [No Types Assigned]
    Added Reference http://secunia.com/advisories/59364 [No Types Assigned]
    Added Reference http://secunia.com/advisories/59264 [No Types Assigned]
    Added Reference http://secunia.com/advisories/59175 [No Types Assigned]
    Added Reference http://secunia.com/advisories/59040 [No Types Assigned]
    Added Reference http://secunia.com/advisories/58492 [No Types Assigned]
    Added Reference http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 03, 2016

    Action Type Old Value New Value
    Added Reference http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 12, 2016

    Action Type Old Value New Value
    Added Reference https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
  • CVE Modified by [email protected]

    Aug. 23, 2016

    Action Type Old Value New Value
    Added Reference http://marc.info/?l=bugtraq&m=140266410314613&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140448122410568&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140621259019789&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140482916501310&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140389274407904&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140317760000786&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140904544427729&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140389355508263&w=2
    Added Reference http://marc.info/?l=bugtraq&m=140752315422991&w=2
  • Modified Analysis by [email protected]

    Jul. 08, 2016

    Action Type Old Value New Value
    Removed CVSS V2 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
    Added CVSS V2 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
  • CVE Translated by [email protected]

    Jun. 17, 2016

    Action Type Old Value New Value
    Removed Translation La implementación Montgomery Ladder en OpenSSL hasta 1.0.0l no asegura que ciertas operaciones de intercambio tiene un comportamiento de tiempo constante, lo que facilita a atacantes remotos obtener cadenas de caracteres de un sólo uso ECDSA a través de un ataque de canal lateral de caché FLUSH+RELOAD.
    Added Translation La implementación de la escala Montgomery en OpenSSL hasta la versión 1.0.0l no asegura que ciertas operaciones de intercambio tengan un comportamiento constante en el tiempo, lo que facilita a usuarios locales obtener nonces ECDSA a través de un ataque de caché de canal lateral FLUSH+RELOAD.
  • CVE Modified by [email protected]

    Jun. 17, 2016

    Action Type Old Value New Value
    Removed Reference http://seclists.org/fulldisclosure/2015/Apr/5
    Removed Reference http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded
    Removed Reference http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
  • CVE Modified by [email protected]

    May. 16, 2015

    Action Type Old Value New Value
    Added Reference http://www-01.ibm.com/support/docview.wss?uid=swg21676092
  • CVE Modified by [email protected]

    Apr. 15, 2015

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
    Added Reference http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded
    Added Reference http://seclists.org/fulldisclosure/2015/Apr/5
  • CVE Modified by [email protected]

    Apr. 01, 2015

    Action Type Old Value New Value
    Added Reference http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
  • CVE Modified by [email protected]

    Jan. 22, 2015

    Action Type Old Value New Value
    Added Reference http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
  • Initial Analysis by [email protected]

    Mar. 25, 2014

    Action Type Old Value New Value
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2014-0076 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2014-0076 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.05 }} 0.00%

score

0.14046

percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability
: