CVE-2014-9742
moderate-risk
Published 2016-05-13
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
Do I need to act?
-
0.28% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (4)
Vendor Advisory
http://botan.randombit.net/security.html
Vendor Advisory
http://marc.info/?l=botan-devel&m=139717503205066&w=2
Vendor Advisory
http://botan.randombit.net/security.html
Vendor Advisory
http://marc.info/?l=botan-devel&m=139717503205066&w=2
43
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
16/34 · Moderate