CVE-2014-9742

EUVD-2014-9548
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
botan_projectbotan
𝑥
≤ 1.10.7
botan_projectbotan
1.11.0
botan_projectbotan
1.11.1
botan_projectbotan
1.11.2
botan_projectbotan
1.11.3
botan_projectbotan
1.11.4
botan_projectbotan
1.11.5
botan_projectbotan
1.11.6
botan_projectbotan
1.11.7
botan_projectbotan
1.11.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
botan1.10
precise
ignored
trusty
Fixed 1.10.5-1+deb7u1ubuntu0.14.04.1
released
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://botan.randombit.net/security.html
http://marc.info/?l=botan-devel&m=139717503205066&w=2
http://botan.randombit.net/security.html
http://marc.info/?l=botan-devel&m=139717503205066&w=2