VDB

GCVE-110-MAGEIA-2025-295

GCVE-110-MAGEIA-2025-295
Advisory Published
Vulnetix · Advisory published November 15, 2025
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386 (only 32-bit processors can be affected). (CVE-2024-50383)

Affected Products

VendorProductVersionsPlatforms
Mageiabotan20 (affected), 2.19.5-1.1.mga9 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›