CVE-2017-14737

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-14737

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14737.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-14737

Related

Published

2017-09-26T01:29:03Z

Modified

2024-08-01T07:54:43.457611Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

References

Affected packages

Git / github.com/randombit/botan

Affected ranges

Type: GIT
Repo: https://github.com/randombit/botan
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

01226c4ef4eb9be841a65cf6e3ac1c343bd922a6

Last affected

0bac9f292b133439311dddb2642bff1041becbd7

Last affected

0f301b1bc6ec4dcb4626cf7050c300abe1fef814

Last affected

1203405e412c0d9b6268046ab342167bb2f5792b

Last affected

1ed5d9e990353e5d4f1b8dcf42afc143b0abe933

Last affected

22dc8165392711e424efcb2724fd69b1ab68abd5

Last affected

260de31d40e36239c7a27520ab0f7fbe0c3c90b4

Last affected

2a7a4a77cb6af113fc3251960554b96b332edc86

Last affected

33f87a596ffa1fcbc017d9593dce0906d7d32208

Last affected

3756c97d295d06ac19cec6736e05003afb10623e

Last affected

3d253c524e3e4f21a11c857ab0827fe34c2ee307

Last affected

55a1d935e736716480407378565939b9e6c829b9

Last affected

560c0e5623cd9ef704b06c56b7e827e7431ae1a8

Last affected

6a5c0019c5976226c9b4c80bca3aff70efb82897

Last affected

746844ba82d7c1b8e80dcda3da779fcc1bb495a3

Last affected

7489ab66e1814cb6cc0f6b8f7f5f36edc3eb567a

Last affected

7bdffd52a96e08e9452d1985258376a3925a497b

Last affected

822daab5f8392e9b8a2e219991f8adeffd101da9

Last affected

87a59dd0ea8a783540d30bb697b4c86d9b66f7ee

Last affected

91c194957a12b174f4a51f41319b0d9604450d87

Last affected

9241078d8797433779600b08fed5313dc30f3a76

Last affected

9d3ad9a0f44a9321185ed9f221c828dac81b9f0c

Last affected

a69436e3cb4b91ec835673145fd4dbe703342a4c

Last affected

a9aebb6c08eb7d78a62283c33ece17b73e7c2f8c

Last affected

b816a3652c1359028f59d64a2f742564547ab782

Last affected

bcee79d0d4dff8c0cbe4d753171359d565aca9c7

Last affected

bfaeed3848727c4f8e7ac71ff886360d0f4b19a1

Last affected

c6147dcfb05a8df25ed74253b0a7e768fae19158

Last affected

c691530064534882c7f43d996bb200e0c8d3d57f

Last affected

c78b2e26875a8726d0ac7a10af2c86b57860d3fb

Last affected

cb4ab0662dfbe462dbe578ffa7d6f44effa51d82

Last affected

d90c21b69cf0457782e5862c7b87d6e72dea1c40

Last affected

e05de6c4c5c37e66f89394019dd1045b7a2f8af0

Last affected

e27b169d4cebfc9c80e3b9cd273cb355969a877e

Last affected

ee912cd748a9b0bf56c84a49896dd2d57e0f81a6

Last affected

fb22198b9add1f1d46d6b05cc8626b7a8d8ff9c6

Affected versions

1.*

1.10.0

1.10.0-rc1

1.10.1

1.10.11

1.10.12

1.10.13

1.10.14

1.10.15

1.10.16

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.11.0

1.11.1

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.5.10

1.5.11

1.5.12

1.5.13

1.5.6

1.5.7

1.5.8

1.5.9

1.6.0

1.6.1

1.6.2

1.6.3

1.7.0

1.7.1

1.7.10

1.7.11

1.7.12

1.7.13

1.7.14

1.7.15

1.7.16

1.7.17

1.7.18

1.7.19

1.7.2

1.7.20

1.7.21

1.7.22

1.7.23

1.7.24

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.9.0

1.9.1

1.9.10

1.9.11

1.9.12

1.9.13

1.9.14

1.9.15

1.9.16

1.9.17

1.9.18

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9