Your submission was sent successfully! Close

CVE-2018-12435

Published: 15 June 2018

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
botan
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.0-3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.6.0-3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3
botan1.10
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(debian: Issue introduced in 2.5.0)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)