CVE Vulnerability

CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/crocs-muni/ECTester Not Applicable Third Party Advisory
https://botan.randombit.net/security.html Vendor Advisory
https://botan.randombit.net/news.html Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
Information

Published : 2019-03-08 07:29

Updated : 2019-03-12 08:39

NVD link : CVE-2018-20187

Mitre link : CVE-2018-20187

Products Affected
No products.
CWE
CWE-320