The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Botan | Botan_project | * | 1.10.7 |
Botan | Botan_project | 1.11.0 | 1.11.0 |
Botan | Botan_project | 1.11.3 | 1.11.3 |
Botan | Botan_project | 1.11.1 | 1.11.1 |
Botan | Botan_project | 1.11.6 | 1.11.6 |
Botan | Botan_project | 1.11.4 | 1.11.4 |
Botan | Botan_project | 1.11.7 | 1.11.7 |
Botan | Botan_project | 1.11.5 | 1.11.5 |
Botan | Botan_project | 1.11.8 | 1.11.8 |
Botan | Botan_project | 1.11.2 | 1.11.2 |