PT-2019-10012 · Botan

Ján Jančár · Published 2019-03-08 · Updated 2024-06-15 · CVE-2018-20187

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Botan versions prior to 2.9.0
Description: A side-channel issue was discovered that affects the ECC key generation process. An attacker capable of precisely measuring the time taken for key generation may be able to derive information about the high bits of the secret key. The cause is an unblinded Montgomery ladder in the function that derives the public point from the secret scalar: its loop runs once per bit of the scalar, starting from the highest set bit, so the iteration count, and hence the running time, reveals the bit length of the secret, i.e. how many of its leading bits are zero. This issue only affects key generation and does not impact ECDSA signatures or ECDH key agreement.
Recommendations: For versions prior to 2.9.0, update to version 2.9.0 or later to resolve the issue. If upgrading is not immediately possible, make sure untrusted parties cannot time key generation on the affected version (for example, do not generate ECC keys on demand in response to network requests), since exploitation depends on precise timing measurements of that operation; keys already generated are not recoverable from this channel after the fact unless the timing was observed.
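To make the mechanism concrete, here is an added illustration that is not Botan's code: a Montgomery ladder whose loop runs k.bit_length() times next to two hardened variants, one with a fixed iteration count and one that blinds the scalar with a random multiple of the group order before a fixed-length ladder. The curve, generator, order and all function names are constructed for this example (a toy curve y^2 = x^3 + 2x + 2 over GF(17) with generator (5, 1) of order 19); the ladder structure is what matters, not the curve.

```python
# Added illustration (not Botan's code): why a Montgomery ladder whose loop
# count follows the scalar's bit length leaks the scalar's high bits, and
# two variants that remove that dependency. Toy curve, constructed here:
# y^2 = x^3 + 2x + 2 over GF(17), generator (5, 1) of prime order 19.
import secrets

P_MOD = 17          # field prime of the toy curve
A_COEF = 2          # curve coefficient a
GEN = (5, 1)        # generator point
ORDER = 19          # order of GEN (prime): ORDER * GEN is the point at infinity
INF = None          # point at infinity


def ec_add(p1, p2):
    """Affine point addition; handles doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def _ladder(k, point, nbits):
    """Montgomery ladder: one add and one double per bit, top bit first.
    Returns (k * point, number of loop iterations)."""
    r0, r1 = INF, point
    iters = 0
    for i in range(nbits - 1, -1, -1):
        iters += 1
        if (k >> i) & 1:
            r0, r1 = ec_add(r0, r1), ec_add(r1, r1)
        else:
            r1, r0 = ec_add(r0, r1), ec_add(r0, r0)
    return r0, iters


def scalar_mult_leaky(k, point=GEN):
    """The pattern the advisory describes: the loop runs k.bit_length()
    times, so the running time reveals the scalar's leading zero bits."""
    return _ladder(k, point, k.bit_length())


def scalar_mult_fixed(k, point=GEN):
    """Hardened: always iterate over the bit length of the group order,
    so every scalar costs the same number of ladder steps."""
    return _ladder(k, point, ORDER.bit_length())


def scalar_mult_blinded(k, point=GEN, blind_bits=8):
    """Hardened: add a random multiple of the order before a fixed-length
    ladder. The result is unchanged because ORDER * point == INF, and the
    scalar that actually walks the ladder is different on every call."""
    r = secrets.randbits(blind_bits) | (1 << blind_bits)   # 2^b <= r < 2^(b+1)
    k_blind = k + r * ORDER
    # k_blind < 2^(blind_bits+1) * ORDER, so this many bits always suffice.
    return _ladder(k_blind, point, ORDER.bit_length() + blind_bits + 1)


def leading_zero_bits_from_timing(iters, nbits=ORDER.bit_length()):
    """What a timing attacker learns from the leaky ladder: the iteration
    count equals the scalar's bit length, hence its leading zero bits."""
    return nbits - iters


def naive_mult(k, point=GEN):
    """Reference scalar multiplication by repeated addition, for checking."""
    acc = INF
    for _ in range(k):
        acc = ec_add(acc, point)
    return acc


if __name__ == "__main__":
    for k in (1, 3, 18):
        _, leaky = scalar_mult_leaky(k)
        _, fixed = scalar_mult_fixed(k)
        _, blind = scalar_mult_blinded(k)
        print(f"k={k:2d}: leaky ladder {leaky} iterations "
              f"(attacker infers {leading_zero_bits_from_timing(leaky)} leading zero bits), "
              f"fixed {fixed}, blinded {blind}")
```

On the toy curve the leaky ladder does one iteration for k = 1 and five for k = 18, so an observer who can count iterations (or time them) learns the bit length, and therefore the top bits, of the secret; the fixed-length ladder takes five iterations for every scalar, and the blinded one a constant fourteen. The blinded variant also changes which scalar value passes through the ladder on every call, which is the usual companion mitigation for value-dependent leaks beyond the loop count.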

Related Identifiers

ALT-PU-2019-1441
CVE-2018-20187
OPENSUSE-SU-2024:10594-1

Affected Products

Alt Linux
Botan