CVE-2021-24115

EUVD-2021-11030
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
botan_projectbotan
𝑥
< 2.17.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
botan
bookworm
2.19.3+dfsg-1
fixed
bullseye
2.17.3+dfsg-2
fixed
buster
no-dsa
sid
2.19.5+dfsg-3
fixed
stretch
not-affected
trixie
2.19.5+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
botan
bionic
needs-triage
focal
needs-triage
groovy
ignored
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
dne
botan1.10
bionic
needs-triage
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
needs-triage
xenial
needs-triage
References
https://botan.randombit.net/news.html
https://github.com/randombit/botan/compare/2.17.2...2.17.3
https://github.com/randombit/botan/pull/2549
https://botan.randombit.net/news.html
https://github.com/randombit/botan/compare/2.17.2...2.17.3
https://github.com/randombit/botan/pull/2549