CVE-2016-2849

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-2849
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2849.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2849
Downstream
Related
Published
2016-05-13T14:59:10.713Z
Modified
2026-05-18T05:48:14.948127647Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "debian:debian_linux",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "24"
                }
            ],
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"
            ],
            "vendor_product": "fedoraproject:fedora",
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/randombit/botan

Affected ranges

Type
GIT
Repo
https://github.com/randombit/botan
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
94a3fa8ae0dc4df67f6e9ba780427e651baa9dfd
Last affected
ee912cd748a9b0bf56c84a49896dd2d57e0f81a6
Last affected
0f301b1bc6ec4dcb4626cf7050c300abe1fef814
Last affected
c6147dcfb05a8df25ed74253b0a7e768fae19158
Last affected
bcee79d0d4dff8c0cbe4d753171359d565aca9c7
Last affected
822daab5f8392e9b8a2e219991f8adeffd101da9
Last affected
260de31d40e36239c7a27520ab0f7fbe0c3c90b4
Last affected
6a5c0019c5976226c9b4c80bca3aff70efb82897
Last affected
c691530064534882c7f43d996bb200e0c8d3d57f
Last affected
9241078d8797433779600b08fed5313dc30f3a76
Last affected
a69436e3cb4b91ec835673145fd4dbe703342a4c
Last affected
746844ba82d7c1b8e80dcda3da779fcc1bb495a3
Last affected
c78b2e26875a8726d0ac7a10af2c86b57860d3fb
Last affected
bfaeed3848727c4f8e7ac71ff886360d0f4b19a1
Last affected
e05de6c4c5c37e66f89394019dd1045b7a2f8af0
Last affected
a9aebb6c08eb7d78a62283c33ece17b73e7c2f8c
Last affected
7489ab66e1814cb6cc0f6b8f7f5f36edc3eb567a
Last affected
01226c4ef4eb9be841a65cf6e3ac1c343bd922a6
Last affected
0bac9f292b133439311dddb2642bff1041becbd7
Last affected
e27b169d4cebfc9c80e3b9cd273cb355969a877e
Last affected
22dc8165392711e424efcb2724fd69b1ab68abd5
Last affected
2a7a4a77cb6af113fc3251960554b96b332edc86
Last affected
1ed5d9e990353e5d4f1b8dcf42afc143b0abe933
Last affected
3d253c524e3e4f21a11c857ab0827fe34c2ee307
Last affected
1203405e412c0d9b6268046ab342167bb2f5792b
Last affected
cb4ab0662dfbe462dbe578ffa7d6f44effa51d82
Last affected
91c194957a12b174f4a51f41319b0d9604450d87
Last affected
9d3ad9a0f44a9321185ed9f221c828dac81b9f0c
Last affected
fb22198b9add1f1d46d6b05cc8626b7a8d8ff9c6
Last affected
87a59dd0ea8a783540d30bb697b4c86d9b66f7ee
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.12"
        },
        {
            "last_affected": "1.11.0"
        },
        {
            "last_affected": "1.11.1"
        },
        {
            "last_affected": "1.11.2"
        },
        {
            "last_affected": "1.11.3"
        },
        {
            "last_affected": "1.11.4"
        },
        {
            "last_affected": "1.11.5"
        },
        {
            "last_affected": "1.11.6"
        },
        {
            "last_affected": "1.11.7"
        },
        {
            "last_affected": "1.11.8"
        },
        {
            "last_affected": "1.11.9"
        },
        {
            "last_affected": "1.11.10"
        },
        {
            "last_affected": "1.11.11"
        },
        {
            "last_affected": "1.11.12"
        },
        {
            "last_affected": "1.11.13"
        },
        {
            "last_affected": "1.11.14"
        },
        {
            "last_affected": "1.11.15"
        },
        {
            "last_affected": "1.11.16"
        },
        {
            "last_affected": "1.11.17"
        },
        {
            "last_affected": "1.11.18"
        },
        {
            "last_affected": "1.11.19"
        },
        {
            "last_affected": "1.11.20"
        },
        {
            "last_affected": "1.11.21"
        },
        {
            "last_affected": "1.11.22"
        },
        {
            "last_affected": "1.11.23"
        },
        {
            "last_affected": "1.11.24"
        },
        {
            "last_affected": "1.11.25"
        },
        {
            "last_affected": "1.11.26"
        },
        {
            "last_affected": "1.11.27"
        },
        {
            "last_affected": "1.11.28"
        }
    ],
    "cpe": [
        "cpe:2.3:a:botan_project:botan:1.10.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*",
        "cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD"
}

Affected versions

1.*
1.10.0
1.10.0-rc1
1.10.1
1.10.11
1.10.12
1.10.2
1.10.3
1.10.5
1.10.6
1.10.8
1.10.9
1.11.0
1.11.1
1.11.10
1.11.11
1.11.12
1.11.13
1.11.14
1.11.15
1.11.16
1.11.17
1.11.18
1.11.19
1.11.2
1.11.20
1.11.21
1.11.22
1.11.23
1.11.24
1.11.25
1.11.26
1.11.27
1.11.28
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.5.10
1.5.11
1.5.12
1.5.13
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.7.0
1.7.1
1.7.10
1.7.11
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.20
1.7.21
1.7.22
1.7.23
1.7.24
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14
1.9.15
1.9.16
1.9.17
1.9.18
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2849.json"