CVE-2024-50383

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.6.0

Description The issue is related to a compiler-induced secret-dependent operation in the lib/utils/donna128.h component of the Botan cryptographic library. This can lead to information disclosure through side-channel attacks. The vulnerability can be exploited by a remote attacker to gain access to confidential data. It is observed to affect 32-bit processors.

Recommendations For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the donna128 component in Chacha-Poly1305 and x25519 until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation.

Exploit

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

AZL-51681

AZL-51701

BDU:2024-09444

CVE-2024-50383

MGASA-2025-0295

OPENSUSE-SU-2024:0343-1

USN-7586-1

Affected Products

Botan

Debian

Linuxmint

Ubuntu

CVE-2024-50383

Weakness Enumeration

Related Identifiers

Affected Products

References · 37