Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2017-14737
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-26 Sep, 2017 | 01:29
Updated At-20 Apr, 2025 | 01:37

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
botan_project
botan_project
>>botan>>Versions up to 1.10.16(inclusive)
cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.0
cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.1
cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.2
cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.3
cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.4
cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.5
cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.6
cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.7
cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.8
cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.9
cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.10
cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.11
cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.12
cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.13
cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.14
cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.15
cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.16
cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.17
cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.18
cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.19
cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.20
cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.21
cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.22
cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.23
cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.24
cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.25
cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.26
cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.27
cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.28
cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.33
cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>1.11.34
cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>2.0.0
cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>2.0.1
cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>2.1.0
cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*
botan_project
botan_project
>>botan>>2.2.0
cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/randombit/botan/issues/1222cve@mitre.org
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00006.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuaicve@mitre.org
Third Party Advisory
https://github.com/randombit/botan/issues/1222af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuaiaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Change History
0Changes found
Details not found