MNBSD-2014-3: OpenSSL ECDSA nonce timing information disclosure

Severity: Unknown

Affected Package: openssl

Summary: OpenSSL ECDSA nonce timing information disclosure

Description

A flaw in OpenSSL ECDSA processing (the FLUSH+RELOAD nonce leak) could allow recovery of ECDSA private keys via a timing side channel. MidnightBSD's OpenSSL 0.9.8 branch required the CVE-2014-0076 fix but was not affected by the concurrent Heartbleed issue (CVE-2014-0160), which only affected OpenSSL 1.0.1.

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2014-0076

Published: April 09, 2014
Last Modified: April 09, 2014