FortiClient VulnerabilityNodejs CVE-2016-0702 Information Disclosure Vulnerability
Description
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.
Affected Applications
Nodejs
CVE References
CVE-2016-0702Other References
https://nodejs.org/en/blog/vulnerability/| ID | 73173 |
| Created | Sep 04, 2022 |
| Description Updated |
Dec 15, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Node.js Foundation |
| Patch | manual |
| Application | Nodejs |