Botan prior to 1.10.13 and 1.11.x prior to 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote malicious users to obtain ECDSA secret keys via a timing side-channel attack.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
debian debian linux 8.0 |
||
fedoraproject fedora 24 |
||
botan project botan 1.11.22 |
||
botan project botan 1.11.21 |
||
botan project botan 1.11.14 |
||
botan project botan 1.11.13 |
||
botan project botan 1.11.12 |
||
botan project botan 1.11.5 |
||
botan project botan 1.11.4 |
||
botan project botan 1.11.26 |
||
botan project botan 1.11.25 |
||
botan project botan 1.11.18 |
||
botan project botan 1.11.17 |
||
botan project botan 1.11.9 |
||
botan project botan 1.11.8 |
||
botan project botan 1.11.1 |
||
botan project botan 1.11.0 |
||
botan project botan 1.11.28 |
||
botan project botan 1.11.27 |
||
botan project botan 1.11.20 |
||
botan project botan 1.11.19 |
||
botan project botan 1.11.11 |
||
botan project botan 1.11.10 |
||
botan project botan 1.11.3 |
||
botan project botan 1.11.2 |
||
botan project botan 1.11.24 |
||
botan project botan 1.11.23 |
||
botan project botan 1.11.16 |
||
botan project botan 1.11.15 |
||
botan project botan 1.11.7 |
||
botan project botan 1.11.6 |
||
botan project botan 1.10.12 |
Vulmon