Lucene search
K

628 matches found

OpenVAS
OpenVAS
added 2017/10/27 12:0 a.m.32 views

Fedora Update for botan FEDORA-2017-d4248ba346

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6AI score
Exploits0References2
OSV
OSV
added 2017/10/26 7:52 a.m.6 views

SUSE-SU-2017:2855-1 Security update for Botan

This update for Botan fixes the following issues: This security issue was fixed: - CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation in Botan allowed a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occured because an...

5.5CVSS5.1AI score0.00318EPSS
Exploits0References3
Fedora
Fedora
added 2017/10/25 11:16 p.m.43 views

[SECURITY] Fedora 26 Update: botan-1.10.17-1.fc26

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

9.8CVSS1.8AI score0.01317EPSS
Exploits2
Fedora
Fedora
added 2017/10/25 9:22 p.m.40 views

[SECURITY] Fedora 25 Update: botan-1.10.17-1.fc25

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

9.8CVSS1.8AI score0.01317EPSS
Exploits2
ArchLinux
ArchLinux
added 2017/10/12 12:0 a.m.28 views

[ASA-201710-17] botan: information disclosure

Arch Linux Security Advisory ASA-201710-17 ========================================== Severity: Medium Date : 2017-10-12 CVE-ID : CVE-2017-14737 Package : botan Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-416 Summary ======= The package botan before version...

5.5CVSS1.6AI score0.00318EPSS
Exploits0References6
CNVD
CNVD
added 2017/10/10 12:0 a.m.6 views

Botan Design Vulnerability

Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in the RSA implementation in Botan versions prior to 1.10.17, 1.11.x and 2.x prior to 2.3.0. A local attacker can exploit this...

5.5CVSS6.9AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2017/09/26 1:29 a.m.21 views

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

5.5CVSS5.1AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2017/09/26 1:29 a.m.22 views

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

5.5CVSS6.5AI score
Exploits0References3
Prion
Prion
added 2017/09/26 1:29 a.m.19 views

Design/Logic Flaw

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

2.1CVSS5AI score0.00318EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2017/09/26 1:29 a.m.30 views

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

5.5CVSS6.8AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2017/09/26 1:29 a.m.2 views

UBUNTU-CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

5.5CVSS6.7AI score0.00318EPSS
Exploits0References4
CVE
CVE
added 2017/09/26 1:0 a.m.82 views

CVE-2017-14737

Botan contains a cache-based side-channel flaw in its RSA implementation that can let a local attacker recover bits of secret exponents used in RSA (and related operations). Affected are Botan versions before 1.10.17, and 1.11.x and 2.x before 2.3.0. The vulnerability arises from indexing a Montg...

5.5CVSS5.2AI score0.00318EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2017/09/26 1:0 a.m.31 views

CVE-2017-14737

Removed by vendor...

5.5CVSS7.4AI score0.00318EPSS
Exploits0
seebug.org
seebug.org
added 2017/09/19 12:0 a.m.925 views

Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)

Summary A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...

7.5CVSS9.1AI score0.05741EPSS
Exploits5
OSV
OSV
added 2017/09/03 2:31 p.m.11 views

MGASA-2017-0327 Updated botan packages fix security vulnerability

Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate CVE-2017-2801...

9.8CVSS9.2AI score0.01317EPSS
Exploits2References4
Mageia
Mageia
added 2017/09/03 2:31 p.m.42 views

Updated botan packages fix security vulnerability

Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate CVE-2017-2801...

9.8CVSS3AI score0.01317EPSS
Exploits2References3
OSV
OSV
added 2017/09/01 9:10 p.m.10 views

MGASA-2017-0321 Updated botan packages fix security vulnerabilities

While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are like...

9.8CVSS9.3AI score0.01978EPSS
Exploits2References5
Mageia
Mageia
added 2017/09/01 9:10 p.m.53 views

Updated botan packages fix security vulnerabilities

While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are like...

9.8CVSS3.2AI score0.01978EPSS
Exploits2References4
Debian
Debian
added 2017/08/12 6:35 p.m.29 views

[SECURITY] [DSA 3939-1] botan1.10 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3939-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 12, 2017 https://www.debian.org/security/faq -...

9.8CVSS9.4AI score0.01317EPSS
Exploits2
OpenVAS
OpenVAS
added 2017/08/11 12:0 a.m.31 views

Debian: Security Advisory (DSA-3939-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.01317EPSS
Exploits2References3
Rows per page
Query Builder