CVE-2016-0702 in Xcodeinfo

Summary

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

12/16/2015

Disclosure

03/02/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
93151	Apple Xcode Node.js information disclosure	200	Not defined	Official fix	CVE-2016-0702
90006	Oracle Communications Session Border Controller Encryption information disclosure	200	Not defined	Official fix	CVE-2016-0702
81145	OpenSSL Intel Sandy-Bridge Microarchitecture Key information disclosure	200	Unproven	Official fix	CVE-2016-0702

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!