What is CVE-2016-8871?

CVE-2016-8871 is a medium-severity vulnerability in Botan_project Botan, classified under Information Disclosure. CVSS score: 6.2/10. Published 2016-10-28.

How severe is CVE-2016-8871?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Information disclosure in Botan_project Botan

CVE-2016-8871

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.

Vulnerability class: Information Disclosure

EPSS: 0.001 (33.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Botan_project Botan — versions 1.11.29, 1.11.30, 1.11.31
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
94225 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-8871?: CVE-2016-8871 is a medium-severity vulnerability in Botan_project Botan, classified under Information Disclosure. CVSS score: 6.2/10. Published 2016-10-28.
How severe is CVE-2016-8871?: Medium severity. CVSS v3 base score is 6.2 out of 10.