FreeBSD 7762D7AD-2E38-41D2-9785-C51F653BA8BD
Jun 13, 2018 - 12:00 a.m.

botan2 -- ECDSA side channel

2018-06-13 00:00:00
vuxml.freebsd.org

CVSS2: 1.9 Low

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3: 5.9 Medium

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 50.3%

botan2 developers report:

A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group.
Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.

OS       Version  Architecture  Package  Version  Filename
FreeBSD  any      noarch        botan2   = 2.5.0  UNKNOWN
FreeBSD  any      noarch        botan2   < 2.7.0  UNKNOWN
