Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Co-Authors Plus Multiple Unspecified Vulnerabilities (3.1.2)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21025)
WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress CSV Injection (1.6.3)
Oracle Database Server CVE-2007-2109 Vulnerability (CVE-2007-2109)