Description

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.

INFO

Published Date :

2024-10-23T00:00:00.000Z

Last Modified :

2024-10-24T19:57:23.462Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50382 vulnerability.

Vendors Products
Botan Project
  • Botan
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50382.

URL Resource
https://arxiv.org/pdf/2410.13489 cve-icon cve-icon
https://github.com/randombit/botan/commit/53b0cfde580e86b03d0d27a488b6c134f662e957 cve-icon cve-icon
https://github.com/randombit/botan/compare/3.5.0...3.6.0 cve-icon cve-icon
https://news.ycombinator.com/item?id=41887153 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact