
CVE-2018-20187

Published: 08 March 2019

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.

Priority

Medium

CVSS 3 base score: 5.9

Status

| Package | Release | Status |
|---|---|---|
| botan | Upstream | Released (2.9.0-2) |
| botan | Ubuntu 21.10 (Impish Indri) | Not vulnerable (2.9.0-2) |
| botan | Ubuntu 21.04 (Hirsute Hippo) | Not vulnerable (2.9.0-2) |
| botan | Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (2.9.0-2) |
| botan | Ubuntu 18.04 LTS (Bionic Beaver) | Needed |
| botan | Ubuntu 16.04 ESM (Xenial Xerus) | Does not exist |
| botan | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |
| botan1.10 | Upstream | Not vulnerable (debian: Vulnerable code introduced in 1.11.20) |
| botan1.10 | Ubuntu 21.10 (Impish Indri) | Does not exist |
| botan1.10 | Ubuntu 21.04 (Hirsute Hippo) | Does not exist |
| botan1.10 | Ubuntu 20.04 LTS (Focal Fossa) | Does not exist |
| botan1.10 | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (code not present) |
| botan1.10 | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (code not present) |
| botan1.10 | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was needs-triage) |