UBUNTU-CVE-2015-7827

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS1 padding...

UBUNTU-CVE-2014-9742

The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group...

UBUNTU-CVE-2015-5727

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service memory consumption via unspecified vectors, related to a length field...

UBUNTU-CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service application crash via an empty BIT STRING in ASN.1 data...

UBUNTU-CVE-2016-2195

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. The bigintmul and bigintsqr functions received the...

UBUNTU-CVE-2016-2196

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service memory overwrite and crash or execute arbitrary code via unspecified vectors...

UBUNTU-CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service infinite loop via unspecified input to the OS2ECP function, related to a composite modulus...

CVE-2014-9742

The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group...

CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service application crash via an empty BIT STRING in ASN.1 data...

CVE-2014-9742

The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group...

CVE-2016-2196

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service memory overwrite and crash or execute arbitrary code via unspecified vectors...

CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack...

CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service infinite loop via unspecified input to the OS2ECP function, related to a composite modulus...

CVE-2016-2194

CVE-2016-2194 affects Botan: the ressol function (Tonelli–Shanks) can enter an infinite loop when given a composite modulus, exposed through ECC point decompression (OS2ECP). This enables a remote DoS condition. Several advisories (Debian DSA-3565, Gentoo GLSA-201612-38, Mageia MGASA-2016-0102, F...

CVE-2015-7827

CVE-2015-7827 affects Botan cryptographic library: historical versions Bot an 1.10.x prior to 1.10.13 and 1.11.x prior to 1.11.22 are vulnerable. The root cause is a timing side-channel during PKCS#1 padding decoding, enabling remote attackers to mount million-message attacks. Public references i...

CVE-2016-2850

CVE-2016-2850 affects Botan 1.11.x prior to 1.11.29. The vulnerability arises from Botan not enforcing TLS policy for (1) signature algorithms and (2) ECC curves, enabling remote attackers to perform downgrade attacks via unspecified vectors. The issue may allow attackers to bypass TLS policy and...

CVE-2016-2849

CVE-2016-2849 affects Botan: the library did not use a constant-time algorithm for modular inverse during ECDSA signing, enabling timing side-channel leakage that could reveal ECDSA secret keys. Affected are Botan versions before 1.10.13 and 1.11.x before 1.11.29. Impact is a remote attacker pote...

CVE-2016-2195

CVE-2016-2195 affects the Botan crypto library (C++). The root cause is an integer overflow in the PointGFp constructor used during ECC point decoding, which can trigger a heap-based buffer overflow when processing untrusted input. This could enable remote execution of code via a crafted ECC poin...

CVE-2015-5726

The CVE-2015-5726 issue affects Botan BER decoder: an empty BIT STRING in ASN.1 data can cause a remote denial of service (application crash) in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19. Debian advisories confirm fixes for botan1.10 in Jessie (upgrade to 1.10.8-2+deb8u1). If applicab...

CVE-2016-2196

CVE-2016-2196 affects Botan 1.11.x (before 1.11.27). A heap-based overflow in the P-521 reduction function allows remote attackers to cause a memory overwrite, DoS, or arbitrary code execution via unspecified vectors. Upgrade to Botan 1.11.27 or later to remediate; exploitation details are not sp...