Vulnerability Details : CVE-2018-20187
A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
Products affected by CVE-2018-20187
- cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20187
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~47% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-20187
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2018-20187
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20187
- https://botan.randombit.net/news.html (Release Notes — Botan): Release Notes; Vendor Advisory
- https://github.com/crocs-muni/ECTester (GitHub - crocs-muni/ECTester: Tests support and behavior of elliptic curve cryptography implementations on JavaCards (TYPE_EC_FP and TYPE_EC_F2M) and in selected software libraries): Not Applicable; Third Party Advisory
- https://botan.randombit.net/security.html (Security Advisories — Botan): Vendor Advisory