What is CVE-2017-14737?

CVE-2017-14737 is a medium-severity vulnerability in Botan_project Botan. CVSS score: 5.5/10. Published 2017-09-26.

How severe is CVE-2017-14737?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Vulnerability in Botan_project Botan

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs becau…

EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Botan_project Botan — versions 1.11.0, 1.11.1, 1.11.2
Debian Debian_linux — versions 9.0
N/a — versions n/a

References

cve@mitre.org (Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Third Party Advisory, x_refsource_MISC, Issue Tracking)
cve@mitre.org (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2017-14737?: CVE-2017-14737 is a medium-severity vulnerability in Botan_project Botan. CVSS score: 5.5/10. Published 2017-09-26.
How severe is CVE-2017-14737?: Medium severity. CVSS v3 base score is 5.5 out of 10.