VYPR
Unrated severityNVD Advisory· Published Oct 23, 2024· Updated Oct 24, 2024

CVE-2024-50382

CVE-2024-50382

Description

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.