VDB

GCVE-110-MAGEIA-2016-208

GCVE-110-MAGEIA-2016-208
Advisory Published
Vulnetix · Advisory published May 29, 2016
Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS #1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack (CVE-2015-7827). ECDSA (and DSA) signature algorithms perform a modular inverse on the signature nonce k. The modular inverse algorithm used had input dependent loops, and it is possible a side channel attack could recover sufficient information about the nonce to eventually recover the ECDSA secret key (CVE-2016-2849).

Affected Products

VendorProductVersionsPlatforms
Mageiabotan0 (affected), 1.10.12-1.1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›