CVE-2016-6878
The CVE-2016-6878 issue affects Botan’s Curve25519 implementation prior to version 1.11.31. On systems without a native 128‑bit integer type, the code may trigger undefined behavior leading to unspecified impact, demonstrated on 32‑bit ARM systems compiled with Clang. Affected component: Curve255...
CVE-2015-7826
Botan 1.11.x before 1.11.22 has a wildcard hostname matching flaw in X.509 verification, which may allow remote attackers to cause unspecified impact (e.g., accepting *.example.com for bar.foo.example.com). Affected software is Botan library; root cause is improper wildcard handling in hostname c...
CVE-2015-7825
Botan before 1.11.22 contains a denial-of-service vulnerability caused by improper validation of certificate paths, enabling a crafted certificate chain with a loop to trigger an infinite loop and memory consumption. Affected component: Botan library (C++ crypto library); root cause: incorrect pa...
CVE-2016-6879
CVE-2016-6879 affects Botan (X509_Certificate::allowed_usage) in version 1.11.x before 1.11.31, where a call with more than one Key_Usage set in the enum value may cause unspecified impact. Affected: Botan 1.11.x prior to 1.11.31. No remediation details are provided in the supplied documents.
CVE-2015-7825
Removed by vendor...
CVE-2015-7824
Removed by vendor...
CVE-2016-6878
Removed by vendor...
CVE-2016-6879
Removed by vendor...
CVE-2015-7826
Removed by vendor...
botan: Use-of-uninitialized-value in Botan::Charset::is_space
Project: https://github.com/randombit/botan.git Detailed report: https://oss-fuzz.com/testcase?key=6157314526543872 Project: botan Fuzzer: libFuzzerbotancert Fuzz target binary: cert Job Type: libfuzzermsanbotan Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
botan: Heap-buffer-overflow in Botan::x500_name_cmp
Project: https://github.com/randombit/botan.git Detailed report: https://oss-fuzz.com/testcase?key=5063165517758464 Project: botan Fuzzer: libFuzzerbotancert Fuzz target binary: cert Job Type: libfuzzerasanbotan Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...
Botan Integer Overflow Vulnerability
Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. An integer overflow vulnerability exists in Botan versions 1.8.0 through 1.11.33. An attacker could exploit this vulnerability to cause memory corruption...
CVE-2016-9132
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned incorrect and attacker controlled length field in a way which later causes memory corruption or other failure...
Integer overflow
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned incorrect and attacker controlled length field in a way which later causes memory corruption or other failure...
UBUNTU-CVE-2016-9132
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned incorrect and attacker controlled length field in a way which later causes memory corruption or other failure...
CVE-2016-9132
CVE-2016-9132 affects Botan 1.8.0–1.11.33. The issue is an integer overflow during BER data decoding that can produce an attacker-controlled, incorrect length field, leading to memory corruption or similar failures. Public references confirm several advisories: Debian/Mageia/OpenVAS entries note ...
CVE-2016-9132
Removed by vendor...