Unrated severity · NVD Advisory · Published Oct 23, 2024 · Updated Oct 24, 2024
CVE-2024-50383
Description
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386. (Only 32-bit processors can be affected.)
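The operation the description refers to, as an added illustration in C (not Botan's code; the type and function names are hypothetical): a 128-bit addition whose carry comes from a comparison, next to one whose carry comes from bit logic only. The bitwise form is an assumption chosen for illustration, not the fix shipped in 3.6.0, and the generated assembly still has to be inspected for each compiler and target.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 128-bit value held as two 64-bit halves (not Botan's type). */
typedef struct { uint64_t lo, hi; } u128_demo;

/* Carry taken from a comparison. On a 32-bit target the compiler may lower
 * the last addition to "if (carry) hi++", so the addition is skipped when
 * the carry is not set and timing depends on the operands. */
static u128_demo add_cmp_carry(u128_demo a, u128_demo b) {
    u128_demo r;
    r.lo = a.lo + b.lo;
    r.hi = a.hi + b.hi;
    uint64_t carry = (r.lo < b.lo);   /* 1 if the low half wrapped */
    r.hi += carry;
    return r;
}

/* Carry taken from bit logic only: the carry out of bit 63 is set when both
 * top bits are set, or when one is set and the sum's top bit is clear.
 * The addition of the carry is always performed. */
static u128_demo add_bitwise_carry(u128_demo a, u128_demo b) {
    u128_demo r;
    r.lo = a.lo + b.lo;
    uint64_t carry = ((a.lo & b.lo) | ((a.lo | b.lo) & ~r.lo)) >> 63;
    r.hi = a.hi + b.hi + carry;
    return r;
}

/* Returns 1 when both variants agree on constructed edge-case operands. */
static int variants_agree(void) {
    static const uint64_t v[] = { 0, 1, UINT64_MAX, 0x8000000000000000ULL,
                                  0x7fffffffffffffffULL, 0x0123456789abcdefULL };
    const size_t n = sizeof v / sizeof v[0];
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++) {
            u128_demo a = { v[i], v[j] }, b = { v[j], v[i] };
            u128_demo x = add_cmp_carry(a, b), y = add_bitwise_carry(a, b);
            if (x.lo != y.lo || x.hi != y.hi) return 0;
        }
    return 1;
}

int main(void) {
    printf("variants agree: %d\n", variants_agree());
    return 0;
}
```

Functional equality says nothing about timing; comparing the two functions in the output of `gcc -O2 -S` for the 32-bit target in question is the check that matters.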
Affected products
- Botan/Botan
  - Range: <3.6.0
- osv-coords (4 versions), range: < 2.19.5-bp156.3.6.1
  - pkg:rpm/opensuse/Botan&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/Botan&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/suse/Botan&distro=SUSE%20Package%20Hub%2015%20SP5
  - pkg:rpm/suse/Botan&distro=SUSE%20Package%20Hub%2015%20SP6
- (no CPE), range: < 2.19.5-bp156.3.6.1
- (no CPE), range: < 2.19.5-bp156.3.6.1
- (no CPE), range: < 2.19.5-bp156.3.6.1
- (no CPE), range: < 2.19.5-bp156.3.6.1