VYPR

rpm package

suse/Botan&distro=SUSE Package Hub 15 SP6

pkg:rpm/suse/Botan&distro=SUSE%20Package%20Hub%2015%20SP6

Vulnerabilities (2)

  • CVE-2024-50383Oct 23, 2024
    affected < 2.19.5-bp156.3.6.1fixed 2.19.5-bp156.3.6.1

    Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS,

  • CVE-2024-50382Oct 23, 2024
    affected < 2.19.5-bp156.3.6.1fixed 2.19.5-bp156.3.6.1

    Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.