Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-05-13T14:00:00
Updated: 2017-06-30T16:57:01
Reserved: 2016-03-06T00:00:00
Link: CVE-2016-2849
JSON object: View
NVD Information
Status : Modified
Published: 2016-05-13T14:59:10.713
Modified: 2017-07-01T01:29:41.483
Link: CVE-2016-2849
JSON object: View
Redhat Information
No data.
CWE