CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

15 Dec 2021, 14:11

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

17 Nov 2021, 22:16

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html -

10 Nov 2021, 01:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html', 'name': '[debian-lts-announce] 20211108 [SECURITY] [DLA 2812-1] botan1.10 security update', 'tags': [], 'refsource': 'MLIST'}

09 Nov 2021, 02:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html -

Information

Published : 2017-09-26 01:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-14737

Mitre link : CVE-2017-14737

CVE.ORG link : CVE-2017-14737


JSON object : View

Products Affected

botan_project

  • botan

debian

  • debian_linux