CVE-2021-24115

Опубликовано: 22 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).

Ссылки

https://botan.randombit.net/news.html
Release Notes
Vendor Advisory
https://github.com/randombit/botan/compare/2.17.2...2.17.3
Patch
Third Party Advisory
https://github.com/randombit/botan/pull/2549
Patch
Third Party Advisory
https://botan.randombit.net/news.html
Release Notes
Vendor Advisory
https://github.com/randombit/botan/compare/2.17.2...2.17.3
Patch
Third Party Advisory
https://github.com/randombit/botan/pull/2549
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*

Версия до 2.17.3 (исключая)

EPSS

Процентиль: 72%

0.00711

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-24115

CVSS3: 9.8

ubuntu

почти 5 лет назад

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).

CVE-2021-24115

CVSS3: 9.8

debian

почти 5 лет назад

In Botan before 2.17.3, constant-time computations are not used for ce ...

openSUSE-SU-2021:0765-1

suse-cvrf

больше 4 лет назад

Security update for Botan

GHSA-cj2q-f8cp-cqmf

CVSS3: 9.8

github

больше 3 лет назад

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).

EPSS

Процентиль: 72%

0.00711

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo