37 matches found
CVE-2026-44378
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...
PT-2026-42855
Name of the Vulnerable Software and Affected Versions: Botan versions prior to 3.12.0. Description: Certain patterns of indefinite length encodings in Basic Encoding Rules (BER) data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in...
CVE-2026-34580
Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the ce...
CVE-2026-32883
A flaw was found in Botan. A remote attacker could exploit a vulnerability in the X509 path validation process where the signature of Online Certificate Status Protocol (OCSP) responses was not verified. This omission allows an attacker to provide forged OCSP responses, potentially leading to the...
CVE-2026-32884
Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...
UBUNTU-CVE-2026-32884
Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...
Astra Linux - vulnerability in botan
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...
EUVD-2015-7723
Malware in sbrugna...
EUVD-2016-3280
Malware in sbrugna...
EUVD-2015-5673
Malware in sbrugna...
EUVD-2015-7725
Malware in sbrugna...
EUVD-2017-6233
Malware in sbrugna...
EUVD-2015-5672
Malware in sbrugna...
EUVD-2016-3922
Malware in sbrugna...
EUVD-2016-3278
Malware in sbrugna...
EUVD-2018-4406
Malware in sbrugna...
EUVD-2016-3279
Malware in sbrugna...
EUVD-2018-21453
Malware in sbrugna...
EUVD-2015-7724
Malware in sbrugna...
EUVD-2022-46687
Malicious code in bioql PyPI...