Severity: Unknown
Affected Package: openssl
Summary: OpenSSL ECDSA nonce timing information disclosure
A flaw in OpenSSL ECDSA processing (the FLUSH+RELOAD nonce leak) could allow recovery of ECDSA private keys via a timing side channel. MidnightBSD's OpenSSL 0.9.8 branch required the CVE-2014-0076 fix but was not affected by the concurrent Heartbleed issue (CVE-2014-0160), which only affected OpenSSL 1.0.1.
No specific recommendations provided.
Aliases: CVE-2014-0076
Published: April 09, 2014
Last Modified: April 09, 2014