Lucene search

K
opensslOpenSSLOPENSSL:CVE-2014-0076
HistoryFeb 14, 2014 - 12:00 a.m.

Vulnerability in OpenSSL CVE-2014-0076

2014-02-1400:00:00
www.openssl-library.org
38

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

17.0%

Fix for the attack described in the paper “Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack”.

Found by Yuval Yarom and Naomi Benger.

Affected configurations

Vulners
Node
opensslopensslRange1.0.11.0.1g
OR
opensslopensslRange1.0.01.0.0m
OR
opensslopensslRange0.9.80.9.8za
VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

17.0%