Your submission was sent successfully! Close

CVE-2017-14737

Published: 26 September 2017

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

From the Ubuntu security team

It was discovered that Botan did not properly implement RSA. An attacker could possibly use this to perform a side-channel attack and recover information about RSA secret keys.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
botan1.10
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.5-1+deb7u4, 1.10.17-0.1)
Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.10.17-0.1)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)