CVE-2018-20187

Priority
Description
A side-channel issue was discovered in Botan before 2.9.0. An attacker
capable of precisely measuring the time taken for ECC key generation may be
able to derive information about the high bits of the secret key, as the
function to derive the public point from the secret scalar uses an
unblinded Montgomery ladder whose loop iteration count depends on the
bitlength of the secret. This issue affects only key generation, not ECDSA
signatures or ECDH key agreement.
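The leak described above, shown as an added example (this is not Botan's code and not its patch): a Montgomery ladder whose loop count follows the bit length of the secret, next to a variant that always iterates over the bit length of the group order. The toy curve and the names `ladder`, `mul_leaky` and `mul_fixed` are assumptions made for illustration; only the iteration count is modelled, not blinding or constant-time arithmetic.

```cpp
#include <cstdint>
#include <cstdio>
// Constructed toy curve y^2 = x^3 + 2x + 2 over F_17, base point G = (5, 1),
// group order 19 (5 bits). Illustration only; all names are assumptions.
static const int64_t P = 17, A = 2;
static const int ORDER_BITS = 5;
struct Point { int64_t x, y; bool inf; };

static int64_t mod(int64_t v) { return ((v % P) + P) % P; }
static int64_t inv(int64_t v) {  // Fermat inverse: v^(P-2) mod P
    int64_t r = 1, b = mod(v);
    for (int64_t e = P - 2; e > 0; e >>= 1, b = mod(b * b))
        if (e & 1) r = mod(r * b);
    return r;
}
static Point add(Point a, Point b) {  // affine addition and doubling
    if (a.inf) return b;
    if (b.inf) return a;
    if (a.x == b.x && mod(a.y + b.y) == 0) return {0, 0, true};
    int64_t s = (a.x == b.x) ? mod((3 * a.x * a.x + A) * inv(2 * a.y))
                             : mod((b.y - a.y) * inv(b.x - a.x));
    int64_t x = mod(s * s - a.x - b.x);
    return {x, mod(s * (a.x - x) - a.y), false};
}
static int bit_length(uint32_t k) { int n = 0; for (; k; k >>= 1) ++n; return n; }

// Montgomery ladder over the low `bits` bits of k; *steps counts iterations.
// The branch and add() are not constant time: only the loop count is modelled.
static Point ladder(uint32_t k, int bits, int* steps) {
    Point r0 = {0, 0, true}, r1 = {5, 1, false};  // invariant: r1 = r0 + G
    *steps = 0;
    for (int i = bits - 1; i >= 0; --i, ++*steps) {
        if ((k >> i) & 1) { r0 = add(r0, r1); r1 = add(r1, r1); }
        else              { r1 = add(r0, r1); r0 = add(r0, r0); }
    }
    return r0;
}
// Leaky: iteration count follows the bit length of the secret scalar.
static Point mul_leaky(uint32_t k, int* steps) { return ladder(k, bit_length(k), steps); }
// Fixed: always iterate over the bit length of the group order.
static Point mul_fixed(uint32_t k, int* steps) { return ladder(k, ORDER_BITS, steps); }

int main() {
    const uint32_t ks[] = {1, 3, 9, 18};  // constructed sample secrets
    for (uint32_t k : ks) {
        int a, b;
        Point p = mul_leaky(k, &a), q = mul_fixed(k, &b);
        std::printf("k=%2u leaky=%d fixed=%d same=%d\n", (unsigned)k, a, b, p.x == q.x && p.y == q.y);
    }
}
```

Both variants return the same public point for every scalar; only the number of loop iterations differs, which is the quantity a timing measurement of key generation would observe.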
Notes
Package
Source: botan (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 19.04 (Disco Dingo): not-affected (2.9.0-2)
Ubuntu 19.10 (Eoan): not-affected (2.9.0-2)
Package
Upstream: not-affected (debian: Vulnerable code introduced in 1.11.20)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE

Updated: 2019-10-18 02:39:12 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)