PT-2016-7602 · Botan · Botan

Juraj Somorovsky · Published 2016-10-28 · Updated 2016-11-29 · CVE-2016-8871

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Botan versions 1.11.29 through 1.11.32

Description

The issue concerns a detectable timing channel in RSA decryption with certain padding options. This could potentially allow an attacker to recover plaintext through an "OAEP side channel" attack, given sufficient queries.

Recommendations

For versions 1.11.29 through 1.11.32, consider updating to a version that fixes the timing channel issue in RSA decryption to prevent potential plaintext recovery attacks.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2016-8871

Affected Products

Botan