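Botan before 3.6.0, when built with certain GCC versions, has a compiler-induced secret-dependent operation in donna128 (lib/utils/donna128.h), which is used in ChaCha20-Poly1305 and X25519. The compiler can emit code that skips an addition when a carry is not set, so the executed path depends on secret data and the code is no longer constant-time; this can leak through a timing side channel. This was observed for GCC 11.3.0 with -O2 on MIPS, and for GCC targeting 32-bit x86 (i386). (Only 32-bit processors can be affected.) Because the problem is introduced at compile time, review of the C++ source alone does not reveal it; affected builds should move to 3.6.0 or later. The signatures below all come from the same fix commit and also cover GHASH::key_schedule in src/lib/utils/ghash/ghash.cpp, which this description does not mention.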
{ "vanir_signatures": [ { "target": { "file": "src/lib/utils/donna128.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "126919531198109600670305180861805806198", "47027288753694363130089521202152577733", "263451663412783185999844650754253064521", "317664375744814807110685203567803694964", "192798379601031292957747122793573782265", "152746210731360794603556943365478611757", "246680631869523581155615701478946827435", "234213935555240666678775579274190960278", "153068232029709647583119557210309603557", "103595958058659321366621553752559120036", "16983010423492160011678054637918267363" ], "threshold": 0.9 }, "id": "CVE-2024-50383-26cdcaea", "source": "https://github.com/randombit/botan/commit/53b0cfde580e86b03d0d27a488b6c134f662e957", "signature_type": "Line", "deprecated": false }, { "target": { "function": "operator+=", "file": "src/lib/utils/donna128.h" }, "signature_version": "v1", "digest": { "function_hash": "113240240772205969688468516196387758560", "length": 113.0 }, "id": "CVE-2024-50383-59086b84", "source": "https://github.com/randombit/botan/commit/53b0cfde580e86b03d0d27a488b6c134f662e957", "signature_type": "Function", "deprecated": false }, { "target": { "function": "GHASH::key_schedule", "file": "src/lib/utils/ghash/ghash.cpp" }, "signature_version": "v1", "digest": { "function_hash": "263419540320011672964078588133153699739", "length": 782.0 }, "id": "CVE-2024-50383-74e973ae", "source": "https://github.com/randombit/botan/commit/53b0cfde580e86b03d0d27a488b6c134f662e957", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/lib/utils/ghash/ghash.cpp" }, "signature_version": "v1", "digest": { "line_hashes": [ "149196067096857216389568200283793391311", "259405174184722127687927409568629724662", "133516367246839249334925645775850140497", "117102124029184724036706851708733937691" ], "threshold": 0.9 }, "id": "CVE-2024-50383-9e6e9f58", "source": 
"https://github.com/randombit/botan/commit/53b0cfde580e86b03d0d27a488b6c134f662e957", "signature_type": "Line", "deprecated": false }, { "target": { "function": "operator+=", "file": "src/lib/utils/donna128.h" }, "signature_version": "v1", "digest": { "function_hash": "81898273412369779755549984092706126000", "length": 146.0 }, "id": "CVE-2024-50383-d75ed31a", "source": "https://github.com/randombit/botan/commit/53b0cfde580e86b03d0d27a488b6c134f662e957", "signature_type": "Function", "deprecated": false } ] }