CVE Vulnerabilities

CVE-2017-14737

Published: Sep 26, 2017 | Modified: Dec 15, 2021
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

Affected Software

Name Vendor Start Version End Version
Botan Botan_project * 1.10.16 (including)
Botan Botan_project 1.11.0 (including) 1.11.0 (including)
Botan Botan_project 1.11.1 (including) 1.11.1 (including)
Botan Botan_project 1.11.2 (including) 1.11.2 (including)
Botan Botan_project 1.11.3 (including) 1.11.3 (including)
Botan Botan_project 1.11.4 (including) 1.11.4 (including)
Botan Botan_project 1.11.5 (including) 1.11.5 (including)
Botan Botan_project 1.11.6 (including) 1.11.6 (including)
Botan Botan_project 1.11.7 (including) 1.11.7 (including)
Botan Botan_project 1.11.8 (including) 1.11.8 (including)
Botan Botan_project 1.11.9 (including) 1.11.9 (including)
Botan Botan_project 1.11.10 (including) 1.11.10 (including)
Botan Botan_project 1.11.11 (including) 1.11.11 (including)
Botan Botan_project 1.11.12 (including) 1.11.12 (including)
Botan Botan_project 1.11.13 (including) 1.11.13 (including)
Botan Botan_project 1.11.14 (including) 1.11.14 (including)
Botan Botan_project 1.11.15 (including) 1.11.15 (including)
Botan Botan_project 1.11.16 (including) 1.11.16 (including)
Botan Botan_project 1.11.17 (including) 1.11.17 (including)
Botan Botan_project 1.11.18 (including) 1.11.18 (including)
Botan Botan_project 1.11.19 (including) 1.11.19 (including)
Botan Botan_project 1.11.20 (including) 1.11.20 (including)
Botan Botan_project 1.11.21 (including) 1.11.21 (including)
Botan Botan_project 1.11.22 (including) 1.11.22 (including)
Botan Botan_project 1.11.23 (including) 1.11.23 (including)
Botan Botan_project 1.11.24 (including) 1.11.24 (including)
Botan Botan_project 1.11.25 (including) 1.11.25 (including)
Botan Botan_project 1.11.26 (including) 1.11.26 (including)
Botan Botan_project 1.11.27 (including) 1.11.27 (including)
Botan Botan_project 1.11.28 (including) 1.11.28 (including)
Botan Botan_project 1.11.33 (including) 1.11.33 (including)
Botan Botan_project 1.11.34 (including) 1.11.34 (including)
Botan Botan_project 2.0.0 (including) 2.0.0 (including)
Botan Botan_project 2.0.1 (including) 2.0.1 (including)
Botan Botan_project 2.1.0 (including) 2.1.0 (including)
Botan Botan_project 2.2.0 (including) 2.2.0 (including)
Botan1.10 Ubuntu artful *
Botan1.10 Ubuntu esm-apps/xenial *
Botan1.10 Ubuntu trusty *
Botan1.10 Ubuntu trusty/esm *
Botan1.10 Ubuntu upstream *
Botan1.10 Ubuntu xenial *
Botan1.10 Ubuntu zesty *

References