In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
{
"cpe": [
"cpe:2.3:a:botan_project:botan:1.11.29:*:*:*:*:*:*:*",
"cpe:2.3:a:botan_project:botan:1.11.30:*:*:*:*:*:*:*",
"cpe:2.3:a:botan_project:botan:1.11.31:*:*:*:*:*:*:*",
"cpe:2.3:a:botan_project:botan:1.11.32:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "1.11.29"
},
{
"last_affected": "1.11.29"
},
{
"introduced": "1.11.30"
},
{
"last_affected": "1.11.30"
},
{
"introduced": "1.11.31"
},
{
"last_affected": "1.11.31"
},
{
"introduced": "1.11.32"
},
{
"last_affected": "1.11.32"
}
]
}