CVE-2018-20187
CVE-2018-20187 is a vulnerability of currently unknown severity. A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. EPSS estimates a 1.52% chance of exploitation in the next 30 days.
Description
A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
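To make the mechanism concrete, the following is an added Python illustration on a constructed toy curve; it is not Botan's code. `pubkey_variable` models the pattern the advisory describes (the ladder loop runs once per bit of the secret scalar, so its iteration count reveals where the top set bit sits), while `pubkey_fixed` models one mitigation, running the ladder over the full bitlength of the group order for every scalar. The curve parameters (y^2 = x^3 + 2x + 2 over F_17, G = (5, 1) of order 19), the function names and the specific mitigation are assumptions for illustration.

```python
# Added illustration on a constructed toy curve (not Botan's code):
# y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1) of prime order 19.
P, A, B = 17, 2, 2
G, ORDER = (5, 1), 19
INF = None  # point at infinity

def add(p1, p2):
    """Affine point addition (and doubling) on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ladder(k, point, nbits):
    """Montgomery ladder over bits nbits-1..0; returns (k*point, loop count)."""
    r0, r1, count = INF, point, 0
    for i in range(nbits - 1, -1, -1):
        count += 1
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r1, r0 = add(r0, r1), add(r0, r0)
    return r0, count

def pubkey_variable(k):
    """Pattern the advisory describes: the loop runs k.bit_length() times, so
    timing reveals where the secret scalar's top set bit sits."""
    return ladder(k, G, k.bit_length())

def pubkey_fixed(k):
    """Mitigation modelled here (an assumption, not Botan's exact fix): run the
    ladder over the full bitlength of the group order for every scalar."""
    return ladder(k, G, ORDER.bit_length())

def naive_mul(k, point):  # reference result by repeated addition
    acc = INF
    for _ in range(k):
        acc = add(acc, point)
    return acc
```

Both variants return the same public point; only the loop count differs, and it is that count (not the result) which a timing measurement of key generation would observe.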
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Botan Project | Botan | < 2.9.0 |
References
- https://botan.randombit.net/news.html (Release Notes, Vendor Advisory)
- https://botan.randombit.net/security.html (Vendor Advisory)
- https://github.com/crocs-muni/ECTester (Not Applicable, Third Party Advisory)
Source: NVD / NIST
