FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

botan2 -- Side channel during ECC key generation

Affected packages
botan2 < 2.9.0


VuXML ID d8e7e854-17fa-11e9-bef6-6805ca2fa271
Discovery 2018-12-17
Entry 2019-01-27

botan2 developers reports:

A timing side channel during ECC key generation could leak information about the high bits of the secret scalar. Such information allows an attacker to perform a brute force attack on the key somewhat more efficiently than they would otherwise. Found by Ján Jančár using ECTester.

Bug introduced in 1.11.20, fixed in 2.9.0


CVE Name CVE-2018-20187