628 matches found
UBUNTU-CVE-2024-50382
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...
UBUNTU-CVE-2024-50383
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...
CVE-2024-50383
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...
CVE-2024-50382
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...
CVE-2024-50382
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...
Botan 安全漏洞
Botan is a C++ cryptographic library by the individual developer Jack Lloyd. A security vulnerability exists in versions of Botan prior to 3.6.0, which stems from a compiler-caused secret dependency operation when compiling with some versions of GCC. An addition operation could be skipped if the...
Botan 安全漏洞
Botan is a C++ cryptographic library by the individual developer Jack Lloyd. A security vulnerability exists in Botan versions prior to 3.6.0, which stems from a compiler-caused secret dependency control flow when compiling with certain versions of LLVM...
CVE-2024-50383
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...
CVE-2024-50382
CVE-2024-50382 affects Botan before 3.6.0, where certain LLVM versions trigger compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp (GHASH in AES-GCM). A branch instead of an XOR with carry was observed, notably with Clang/LLVM 15 on RISC-V. The issue can cause undefined be...
CVE-2024-50383
Botan before 3.6.0 is affected by CVE-2024-50383 due to a compiler-induced secret-dependent operation in donna128.h (donna128) used by ChaCha-Poly1305 and x25519. The issue was observed with GCC 11.3.0 -O2 on MIPS and GCC on x86-32 (only 32-bit processors). Reports in Mageia/openSUSE/Ubutnu advis...
CVE-2024-50382
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...
CVE-2024-50383
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...
CVE-2024-50383
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...
CVE-2024-50382
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...
PT-2024-7941 · Botan +3 · Botan +3
Name of the Vulnerable Software and Affected Versions: Botan versions prior to 3.6.0 Description: The issue is related to a component of the Botan cryptographic library, specifically in lib/utils/ghash/ghash.cpp, where there is a potential information disclosure due to inconsistency. This could...
PT-2024-7940
Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.6.0 Description The issue is related to a compiler-induced secret-dependent operation in the lib/utils/donna128.h component of the Botan cryptographic library. This can lead to information disclosure through...
The vulnerability of the C++ Botan cryptographic library, related to incorrect certificate verification, allows attackers to influence the integrity of the system.
The vulnerability of the C++ Botan cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the system remotely...
The vulnerability of the C++ Botan cryptographic library, related to asymmetric resource consumption, allows a hacker to induce a service failure.
The vulnerability of the C++ Botan cryptographic library is related to asymmetric resource consumption due to an excessive number of names in the subjectAlternativeName field during the processing of X.509 certificates. Exploiting this vulnerability can allow a remote attacker to cause service...
ROS-20241001-13
A vulnerability in the Botan C++ cryptographic library is related to asymmetric resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the C++ Botan cryptographic library is related to errors in parsing...
MGASA-2024-0297 Updated botan2 packages fix security vulnerability
An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at mos...