FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

botan2 -- ECDSA side channel

Affected packages
2.5.0 <= botan2 < 2.7.0

Details

VuXML ID: 7762d7ad-2e38-41d2-9785-c51f653ba8bd
Discovery: 2018-06-13
Entry: 2018-08-17

botan2 developers report:

A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group.

Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected.

References

CVE Name: CVE-2018-12435
URL: https://botan.randombit.net/security.html#id1
URL: https://github.com/randombit/botan/pull/1604