CVE-2016-8871
- Source
- https://cve.org/CVERecord?id=CVE-2016-8871
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8871.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-8871
- Published
- 2016-10-28T15:59:15.470Z
- Modified
- 2026-04-10T03:53:56.389867Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
- References
Affected packages
Git / github.com/randombit/botan
Affected ranges
- Type
- GIT
- Repo
- https://github.com/randombit/botan
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.11.29" }, { "introduced": "0" }, { "last_affected": "1.11.30" }, { "introduced": "0" }, { "last_affected": "1.11.31" }, { "introduced": "0" }, { "last_affected": "1.11.32" } ] }
Affected versions
1.*
1.10.0
1.10.0-rc1
1.10.1
1.11.0
1.11.10
1.11.11
1.11.12
1.11.13
1.11.14
1.11.15
1.11.16
1.11.17
1.11.18
1.11.19
1.11.2
1.11.20
1.11.21
1.11.22
1.11.23
1.11.24
1.11.25
1.11.26
1.11.27
1.11.28
1.11.29
1.11.3
1.11.30
1.11.31
1.11.32
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.5.10
1.5.11
1.5.12
1.5.13
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.7.0
1.7.1
1.7.10
1.7.11
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.20
1.7.21
1.7.22
1.7.23
1.7.24
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14
1.9.15
1.9.16
1.9.17
1.9.18
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9