FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

botan2 -- Side channel during ECC key generation

Affected packages
botan2 < 2.9.0

Details

VuXML ID d8e7e854-17fa-11e9-bef6-6805ca2fa271
Discovery 2018-12-17
Entry 2019-01-27

botan2 developers report:

A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise. Found by Ján Jančár using ECTester.

Bug introduced in 1.11.20, fixed in 2.9.0

References

CVE Name CVE-2018-20187
URL https://botan.randombit.net/security.html#id1