CVE-2018-20187

CVE-2018-20187

Name

CVE-2018-20187

Description

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Not Applicable	https://github.com/crocs-muni/ECTester
Vendor Advisory	https://botan.randombit.net/security.html
Release Notes	https://botan.randombit.net/news.html

Type

URI

Not Applicable

https://github.com/crocs-muni/ECTester

Vendor Advisory

https://botan.randombit.net/security.html

Release Notes

https://botan.randombit.net/news.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:botan_project:botan::::::::`	botan	>= None	< 2.9.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*

botan

>= None

< 2.9.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
botan	edge-main	2.9.0-r0	None	fixed
botan	edge-main	2.7.0-r0	None	possibly vulnerable
botan	edge-main	2.6.0-r0	None	possibly vulnerable
botan	edge-main	2.5.0-r0	None	possibly vulnerable
botan	3.21-main	2.9.0-r0	None	fixed
botan	3.21-main	2.7.0-r0	None	possibly vulnerable
botan	3.21-main	2.6.0-r0	None	possibly vulnerable
botan	3.21-main	2.5.0-r0	None	possibly vulnerable
botan	3.20-main	2.9.0-r0	None	fixed
botan	3.20-main	2.7.0-r0	None	possibly vulnerable
botan	3.20-main	2.6.0-r0	None	possibly vulnerable
botan	3.20-main	2.5.0-r0	None	possibly vulnerable
botan	3.19-main	2.9.0-r0	None	fixed
botan	3.19-main	2.7.0-r0	None	possibly vulnerable
botan	3.19-main	2.6.0-r0	None	possibly vulnerable
botan	3.19-main	2.5.0-r0	None	possibly vulnerable
botan	3.18-main	2.9.0-r0	None	fixed
botan	3.17-main	2.9.0-r0	None	fixed
botan	3.12-main	2.9.0-r0	None	fixed
botan	3.11-main	2.9.0-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages