Lucene search
K

628 matches found

OSV
OSV
added 2018/06/15 2:29 a.m.1 views

DEBIAN-CVE-2018-12435

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...

5.9CVSS5.7AI score0.00499EPSS
Exploits1References1
OSV
OSV
added 2018/06/15 2:29 a.m.23 views

CVE-2018-12435

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...

5.9CVSS5.7AI score
Exploits0References3
Cvelist
Cvelist
added 2018/06/15 2:0 a.m.27 views

CVE-2018-12435

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...

5.3AI score0.00499EPSS
Exploits1References3
CVE
CVE
added 2018/06/15 2:0 a.m.82 views

CVE-2018-12435

CVE-2018-12435 affects Botan 2.5.0–2.6.0 prior to 2.7.0, enabling a memory-cache side-channel attack on ECDSA (ROHNP) that could allow key recovery when attacker has local access or co-residency on the same host. Connected advisories confirm the issue in Botan’s ECDSA signing and related code pat...

5.9CVSS4.7AI score0.00499EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2018/06/15 2:0 a.m.47 views

CVE-2018-12435

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...

5.9CVSS5.4AI score0.00499EPSS
Exploits1
Debian CVE
Debian CVE
added 2018/06/15 2:0 a.m.32 views

CVE-2018-12435

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local...

5.9CVSS6.1AI score0.00499EPSS
Exploits1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

Botan ROHNP Vulnerability

Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. Botan suffers from a security vulnerability. An attacker can exploit this vulnerability to obtain ECDSA keys by accessing a local device or a different virtua...

5.9CVSS5.8AI score0.00499EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/04/12 5:29 a.m.22 views

CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS7.1AI score0.01382EPSS
Exploits0References2
Prion
Prion
added 2018/04/12 5:29 a.m.19 views

Design/Logic Flaw

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

5CVSS7.3AI score0.01382EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/04/12 5:29 a.m.3 views

UBUNTU-CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS7.1AI score0.01382EPSS
Exploits0References3
OSV
OSV
added 2018/04/12 5:29 a.m.19 views

CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2018/04/12 5:29 a.m.18 views

CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS7.3AI score0.01382EPSS
Exploits0References2
OSV
OSV
added 2018/04/12 5:29 a.m.7 views

ALPINE-CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS6.6AI score0.01382EPSS
Exploits0References1
OSV
OSV
added 2018/04/12 5:29 a.m.3 views

DEBIAN-CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS6.6AI score0.01382EPSS
Exploits0References1
CVE
CVE
added 2018/04/12 5:0 a.m.67 views

CVE-2018-9860

Botan CVE-2018-9860 affects Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext can cause the receiver to include 64K bytes following the record buffer in the HMAC, leading to a denial of service (MAC check fails and connection closes). No info...

7.5CVSS7.2AI score0.01382EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/12 5:0 a.m.22 views

CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.3AI score0.01382EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2018/04/12 5:0 a.m.32 views

CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS7.4AI score0.01382EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/04/12 5:0 a.m.24 views

CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS7.6AI score0.01382EPSS
Exploits0
ossfuzz
ossfuzz
added 2018/04/08 10:57 p.m.23 views

botan/tls_client: Crash in unsigned long Botan::load_be<unsigned long>

Project: https://github.com/randombit/botan.git Detailed report: https://oss-fuzz.com/testcase?key=5945229455654912 Project: botan Fuzzer: libFuzzerbotantlsclient Fuzz target binary: tlsclient Job Type: libfuzzermsanbotan Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x703000010000...

6.7AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2018/04/06 12:9 p.m.29 views

botan/tls_client: Heap-buffer-overflow in void Botan::copy_mem<unsigned char>

Project: https://github.com/randombit/botan.git Detailed report: https://oss-fuzz.com/testcase?key=4905819050082304 Project: botan Fuzzer: libFuzzerbotantlsclient Fuzz target binary: tlsclient Job Type: libfuzzerasanbotan Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address:...

6.7AI score
Exploits0Affected Software1
Rows per page
Query Builder