A cryptographic cache-based side channel in the RSA implementation in Botan prior to 1.10.17, and 1.11.x and 2.x prior to 2.3.0, allows a local malicious user to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
botan project botan 1.11.6 |
||
botan project botan 1.11.7 |
||
botan project botan 1.11.8 |
||
botan project botan 1.11.9 |
||
botan project botan 1.11.23 |
||
botan project botan 1.11.24 |
||
botan project botan 1.11.25 |
||
botan project botan 1.11.26 |
||
botan project botan |
||
botan project botan 1.11.0 |
||
botan project botan 1.11.1 |
||
botan project botan 1.11.15 |
||
botan project botan 1.11.16 |
||
botan project botan 1.11.17 |
||
botan project botan 1.11.18 |
||
botan project botan 2.0.0 |
||
botan project botan 2.0.1 |
||
botan project botan 2.1.0 |
||
botan project botan 2.2.0 |
||
botan project botan 1.11.3 |
||
botan project botan 1.11.5 |
||
botan project botan 1.11.10 |
||
botan project botan 1.11.12 |
||
botan project botan 1.11.14 |
||
botan project botan 1.11.19 |
||
botan project botan 1.11.21 |
||
botan project botan 1.11.28 |
||
botan project botan 1.11.34 |
||
botan project botan 1.11.2 |
||
botan project botan 1.11.4 |
||
botan project botan 1.11.11 |
||
botan project botan 1.11.13 |
||
botan project botan 1.11.20 |
||
botan project botan 1.11.22 |
||
botan project botan 1.11.27 |
||
botan project botan 1.11.33 |
||
debian debian linux 9.0 |