CVE-2021-24115

Name

CVE-2021-24115

Description

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Release Notes	https://botan.randombit.net/news.html
Patch	https://github.com/randombit/botan/pull/2549
Patch	https://github.com/randombit/botan/compare/2.17.2...2.17.3

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:botan_project:botan::::::::`	botan	>= None	< 2.17.3

Source package	Branch	Version	Maintainer	Status
botan	edge-main	2.17.3-r0	None	fixed
botan	edge-main	2.9.0-r0	None	possibly vulnerable
botan	edge-main	2.7.0-r0	None	possibly vulnerable
botan	edge-main	2.6.0-r0	None	possibly vulnerable
botan	edge-main	2.5.0-r0	None	possibly vulnerable
botan	3.21-main	2.17.3-r0	None	fixed
botan	3.21-main	2.9.0-r0	None	possibly vulnerable
botan	3.21-main	2.7.0-r0	None	possibly vulnerable
botan	3.21-main	2.6.0-r0	None	possibly vulnerable
botan	3.21-main	2.5.0-r0	None	possibly vulnerable
botan	3.20-main	2.17.3-r0	None	fixed
botan	3.20-main	2.9.0-r0	None	possibly vulnerable
botan	3.20-main	2.7.0-r0	None	possibly vulnerable
botan	3.20-main	2.6.0-r0	None	possibly vulnerable
botan	3.20-main	2.5.0-r0	None	possibly vulnerable
botan	3.19-main	2.17.3-r0	None	fixed
botan	3.19-main	2.9.0-r0	None	possibly vulnerable
botan	3.19-main	2.7.0-r0	None	possibly vulnerable
botan	3.19-main	2.6.0-r0	None	possibly vulnerable
botan	3.19-main	2.5.0-r0	None	possibly vulnerable
botan	3.18-main	2.17.3-r0	None	fixed
botan	3.17-main	2.17.3-r0	None	fixed
botan	3.12-main	2.11.0-r6	Natanael Copa <ncopa@alpinelinux.org>	fixed
botan	3.11-main	2.11.0-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed