CVE-2021-24115
PUBLISHED
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
Risk Scores
EPSS Score: 0.71% (72.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | botan1.10 | 0, 1.10.12-1, 1.10.10-6 |
| Ubuntu:Pro:14.04:LTS | botan1.10 | 1.10.5-1ubuntu1, 0, 1.10.5-1 |
| Ubuntu:18.04:LTS | botan | 2.4.0-5ubuntu1, 0, 2.4.0-4 |
| Ubuntu:20.04:LTS | botan | 2.9.0-2, 2.12.1-2, 2.9.0-2build1 |
| Ubuntu:18.04:LTS | botan1.10 | 0, 1.10.16-1, 1.10.17-0.1 |
Timeline
- Feb 22, 2021 CVE Published
- Feb 26, 2021 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-24115 third-party-advisory
- https://github.com/randombit/botan/pull/2549 third-party-advisory
- https://botan.randombit.net/news.html third-party-advisory
- https://github.com/randombit/botan/compare/2.17.2...2.17.3 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-24115 third-party-advisory