{"id":"AZL-51681","summary":"CVE-2024-50383 affecting package botan2 2.14.0-2","details":"Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386. (Only 32-bit processors can be affected.)","modified":"2026-04-01T05:20:46.055381Z","published":"2024-10-23T17:15:19Z","upstream":["CVE-2024-50383"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50383"}],"affected":[{"package":{"name":"botan2","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/botan2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.14.0-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51681.json"}}],"schema_version":"1.7.5"}