CVE-2018-20187 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-20187 Interim 1 14 2025-02-17T02:30:39Z current 2021-05-30T14:19:29Z 2025-02-17T02:30:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-20187 A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP5 openSUSE Tumbleweed Botan Botan-2.18.1-1.3 Botan-doc-2.18.1-1.3 libbotan-1_10-0 libbotan-1_6_5 libbotan-2-18-2.18.1-1.3 libbotan-2-18-32bit-2.18.1-1.3 libbotan-devel libbotan-devel-2.18.1-1.3 libbotan-devel-32bit-2.18.1-1.3 python3-botan-2.18.1-1.3 Botan-2.18.1-1.3 as a component of openSUSE Tumbleweed Botan-doc-2.18.1-1.3 as a component of openSUSE Tumbleweed libbotan-2-18-2.18.1-1.3 as a component of openSUSE Tumbleweed libbotan-2-18-32bit-2.18.1-1.3 as a component of openSUSE Tumbleweed libbotan-devel-2.18.1-1.3 as a component of openSUSE Tumbleweed libbotan-devel-32bit-2.18.1-1.3 as a component of openSUSE Tumbleweed python3-botan-2.18.1-1.3 as a component of openSUSE Tumbleweed libbotan-1_6_5 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libbotan-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Botan as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libbotan-1_10-0 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libbotan-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 Botan as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libbotan-1_10-0 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libbotan-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 Botan as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libbotan-1_10-0 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libbotan-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 Botan as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement. CVE-2018-20187 openSUSE Tumbleweed:Botan-2.18.1-1.3 openSUSE Tumbleweed:Botan-doc-2.18.1-1.3 openSUSE Tumbleweed:libbotan-2-18-2.18.1-1.3 openSUSE Tumbleweed:libbotan-2-18-32bit-2.18.1-1.3 openSUSE Tumbleweed:libbotan-devel-2.18.1-1.3 openSUSE Tumbleweed:libbotan-devel-32bit-2.18.1-1.3 openSUSE Tumbleweed:python3-botan-2.18.1-1.3 SUSE Linux Enterprise Software Development Kit 11 SP4:Botan SUSE Linux Enterprise Software Development Kit 11 SP4:libbotan-1_6_5 SUSE Linux Enterprise Software Development Kit 11 SP4:libbotan-devel SUSE Linux Enterprise Software Development Kit 12 SP3:Botan SUSE Linux Enterprise Software Development Kit 12 SP3:libbotan-1_10-0 SUSE Linux Enterprise Software Development Kit 12 SP3:libbotan-devel SUSE Linux Enterprise Software Development Kit 12 SP4:Botan SUSE Linux Enterprise Software Development Kit 12 SP4:libbotan-1_10-0 SUSE Linux Enterprise Software Development Kit 12 SP4:libbotan-devel low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N