Unrated severity · NVD Advisory · Published Oct 23, 2024 · Updated Oct 24, 2024
CVE-2024-50382
Description
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.
Affected products (7)
- Botan/Botan (from description)
  - Range: <3.6.0
- osv-coords (5 versions):
  - pkg:rpm/opensuse/Botan&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/Botan&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/Botan&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/Botan&distro=SUSE%20Package%20Hub%2015%20SP5
  - pkg:rpm/suse/Botan&distro=SUSE%20Package%20Hub%2015%20SP6
- (no CPE) range: < 2.19.5-bp156.3.6.1
- (no CPE) range: < 2.19.5-bp156.3.6.1
- (no CPE) range: < 3.6.0-1.1
- (no CPE) range: < 2.19.5-bp156.3.6.1
- (no CPE) range: < 2.19.5-bp156.3.6.1