CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

AlpineLinux•added 2026/05/27 4:34 p.m.•7 views

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

7.5CVSS5.8AI score0.00324EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-42855

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.12.0 Description Certain patterns of indefinite length encodings in Basic Encoding Rules BER data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in...

7.5CVSS5.8AI score0.00324EPSS

Exploits0References8

ATTACKERKB•added 2026/04/07 9:12 p.m.•1 views

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

5.9AI score0.00189EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/04/01 6:56 a.m.•6 views

CVE-2026-32883

A flaw was found in Botan. A remote attacker could exploit a vulnerability in the X509 path validation process where the signature of Online Certificate Status Protocol OCSP responses was not verified. This omission allows an attacker to provide forged OCSP responses, potentially leading to the...

6.8CVSS5.8AI score0.00154EPSS

Exploits0References4

UbuntuCve•added 2026/03/30 9:17 p.m.•4 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.9AI score0.00158EPSS

Exploits0References2

OSV•added 2026/03/30 9:17 p.m.•1 views

UBUNTU-CVE-2026-32884

5.9CVSS5.7AI score0.00158EPSS

Exploits0References3

AstraLinux•added 2026/01/13 2:1 p.m.•4 views

Astra Linux – Vulnerability in Botan

Before version 3.6.0, when certain GCC versions were used, Botan had a compiler-induced operation that relied on secrets in the donna128.h file of lib/utils. This operation was used in Chacha-Poly1305 and x25519. An addition operation could be skipped if a carry wasn’t set. This issue was observe...

5.9CVSS6.3AI score0.00542EPSS

Exploits1References3