CVE-2016-8871
 
- Severity Score: 6.2 (CVSS v3)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel that could, given sufficient queries, be used to recover plaintext, aka an "OAEP side channel" attack.
Credits: N/A
Timeline
- 2016-10-21 CVE Reserved
- 2016-10-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (2)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/94225 | Third Party Advisory | |
https://botan.randombit.net/security.html | | 2016-11-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Botan Project | Botan | 1.11.29 | - | Affected |
Botan Project | Botan | 1.11.30 | - | Affected |
Botan Project | Botan | 1.11.31 | - | Affected |
Botan Project | Botan | 1.11.32 | - | Affected |