CVE-2017-14737

EUVD-2017-6233
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
botan_projectbotan
𝑥
≤ 1.10.16
botan_projectbotan
1.11.0
botan_projectbotan
1.11.1
botan_projectbotan
1.11.2
botan_projectbotan
1.11.3
botan_projectbotan
1.11.4
botan_projectbotan
1.11.5
botan_projectbotan
1.11.6
botan_projectbotan
1.11.7
botan_projectbotan
1.11.8
botan_projectbotan
1.11.9
botan_projectbotan
1.11.10
botan_projectbotan
1.11.11
botan_projectbotan
1.11.12
botan_projectbotan
1.11.13
botan_projectbotan
1.11.14
botan_projectbotan
1.11.15
botan_projectbotan
1.11.16
botan_projectbotan
1.11.17
botan_projectbotan
1.11.18
botan_projectbotan
1.11.19
botan_projectbotan
1.11.20
botan_projectbotan
1.11.21
botan_projectbotan
1.11.22
botan_projectbotan
1.11.23
botan_projectbotan
1.11.24
botan_projectbotan
1.11.25
botan_projectbotan
1.11.26
botan_projectbotan
1.11.27
botan_projectbotan
1.11.28
botan_projectbotan
1.11.33
botan_projectbotan
1.11.34
botan_projectbotan
2.0.0
botan_projectbotan
2.0.1
botan_projectbotan
2.1.0
botan_projectbotan
2.2.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
botan1.10
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
mantic
dne
noble
dne
trusty
Fixed 1.10.5-1+deb7u1ubuntu0.14.04.1+esm1
released
xenial
needed
zesty
ignored
References
https://github.com/randombit/botan/issues/1222
https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
https://github.com/randombit/botan/issues/1222
https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai