Vulnerability Description
A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Botan Project | Botan | < 2.9.0 |
Related Weaknesses (CWE)
References
- https://botan.randombit.net/news.htmlRelease NotesVendor Advisory
- https://botan.randombit.net/security.htmlVendor Advisory
- https://github.com/crocs-muni/ECTesterNot ApplicableThird Party Advisory
- https://botan.randombit.net/news.htmlRelease NotesVendor Advisory
- https://botan.randombit.net/security.htmlVendor Advisory
- https://github.com/crocs-muni/ECTesterNot ApplicableThird Party Advisory
FAQ
What is CVE-2018-20187?
CVE-2018-20187 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the...
How severe is CVE-2018-20187?
CVE-2018-20187 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-20187?
Check the references section above for vendor advisories and patch information. Affected products include: Botan Project Botan.