CVE-2021-24115
CRITICAL
Published Feb 22, 20215y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Feb 22, 2021 5y ago
Last Modified Jun 17, 2026 2w ago
Description
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| botan_project | botan | * | <2.17.3 |
References 3
- botan.randombit.net https://botan.randombit.net/news.html
- github.com https://github.com/randombit/botan/compare/2.17.2...2.17.3
- github.com https://github.com/randombit/botan/pull/2549
Remediation
- github.com https://github.com/randombit/botan/compare/2.17.2...2.17.3
- github.com https://github.com/randombit/botan/pull/2549