{"id":"AZL-51707","summary":"CVE-2024-50382 affecting package botan2 2.14.0-2","details":"Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.","modified":"2026-04-21T04:33:14.777722Z","published":"2024-10-23T17:15:19Z","upstream":["CVE-2024-50382"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50382"}],"affected":[{"package":{"name":"botan2","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/botan2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.14.0-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51707.json"}}],"schema_version":"1.7.5"}