rpm package
suse/Botan&distro=SUSE Package Hub 15 SP6
pkg:rpm/suse/Botan&distro=SUSE%20Package%20Hub%2015%20SP6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50383 | — | < 2.19.5-bp156.3.6.1 | 2.19.5-bp156.3.6.1 | Oct 23, 2024 | Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, | ||
| CVE-2024-50382 | — | < 2.19.5-bp156.3.6.1 | 2.19.5-bp156.3.6.1 | Oct 23, 2024 | Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V. |
- CVE-2024-50383Oct 23, 2024affected < 2.19.5-bp156.3.6.1fixed 2.19.5-bp156.3.6.1
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS,
- CVE-2024-50382Oct 23, 2024affected < 2.19.5-bp156.3.6.1fixed 2.19.5-bp156.3.6.1
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.