5.5

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Botan ProjectBotan Version <= 1.10.16
Botan ProjectBotan Version1.11.0
Botan ProjectBotan Version1.11.1
Botan ProjectBotan Version1.11.2
Botan ProjectBotan Version1.11.3
Botan ProjectBotan Version1.11.4
Botan ProjectBotan Version1.11.5
Botan ProjectBotan Version1.11.6
Botan ProjectBotan Version1.11.7
Botan ProjectBotan Version1.11.8
Botan ProjectBotan Version1.11.9
Botan ProjectBotan Version1.11.10
Botan ProjectBotan Version1.11.11
Botan ProjectBotan Version1.11.12
Botan ProjectBotan Version1.11.13
Botan ProjectBotan Version1.11.14
Botan ProjectBotan Version1.11.15
Botan ProjectBotan Version1.11.16
Botan ProjectBotan Version1.11.17
Botan ProjectBotan Version1.11.18
Botan ProjectBotan Version1.11.19
Botan ProjectBotan Version1.11.20
Botan ProjectBotan Version1.11.21
Botan ProjectBotan Version1.11.22
Botan ProjectBotan Version1.11.23
Botan ProjectBotan Version1.11.24
Botan ProjectBotan Version1.11.25
Botan ProjectBotan Version1.11.26
Botan ProjectBotan Version1.11.27
Botan ProjectBotan Version1.11.28
Botan ProjectBotan Version1.11.33
Botan ProjectBotan Version1.11.34
Botan ProjectBotan Version2.0.0
Botan ProjectBotan Version2.0.1
Botan ProjectBotan Version2.1.0
Botan ProjectBotan Version2.2.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.233
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://github.com/randombit/botan/issues/1222
Third Party Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html
Third Party Advisory
Mailing List
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
Third Party Advisory