Candidate: CVE-2018-20187
PublicDate: 2019-03-08 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20187
 https://github.com/randombit/botan/pull/1792
 https://github.com/randombit/botan/commit/70aa7303acfff9eefc24598c289a84db3579ebd1
Description:
 A side-channel issue was discovered in Botan before 2.9.0. An attacker
 capable of precisely measuring the time taken for ECC key generation may be
 able to derive information about the high bits of the secret key, as the
 function to derive the public point from the secret scalar uses an
 unblinded Montgomery ladder whose loop iteration count depends on the
 bitlength of the secret. This issue affects only key generation, not ECDSA
 signatures or ECDH key agreement.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]

Patches_botan1.10:
upstream_botan1.10: not-affected (debian: Vulnerable code introduced in 1.11.20)
precise/esm_botan1.10: DNE
trusty_botan1.10: ignored (reached end-of-life)
trusty/esm_botan1.10: DNE (trusty was needs-triage)
xenial_botan1.10: not-affected (code not present)
bionic_botan1.10: not-affected (code not present)
cosmic_botan1.10: ignored (reached end-of-life)
disco_botan1.10: DNE
eoan_botan1.10: DNE
focal_botan1.10: DNE
groovy_botan1.10: DNE
hirsute_botan1.10: DNE
impish_botan1.10: DNE
jammy_botan1.10: DNE
devel_botan1.10: DNE

Patches_botan:
upstream_botan: released (2.9.0-2)
precise/esm_botan: DNE
trusty_botan: DNE
trusty/esm_botan: DNE
xenial_botan: DNE
bionic_botan: needed
cosmic_botan: ignored (reached end-of-life)
disco_botan: not-affected (2.9.0-2)
eoan_botan: not-affected (2.9.0-2)
focal_botan: not-affected (2.9.0-2)
groovy_botan: not-affected (2.9.0-2)
hirsute_botan: not-affected (2.9.0-2)
impish_botan: not-affected (2.9.0-2)
jammy_botan: not-affected (2.9.0-2)
devel_botan: not-affected (2.9.0-2)