
628 matches found

AlpineLinux
added 2026/03/30 8:36 p.m., 3 views

CVE-2026-32877

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...

CVSS 8.2, AI score 5.7, EPSS 0.00278
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/30 8:36 p.m., 1 view

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9, AI score 5.8, EPSS 0.00154
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/30 8:36 p.m., 3 views

CVE-2026-32883 Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9, AI score 5.8, EPSS 0.00154
Exploits: 0, References: 1

Cvelist
added 2026/03/30 8:36 p.m., 19 views

CVE-2026-32883 Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9, EPSS 0.00154
Exploits: 0, References: 1

CVE
added 2026/03/30 8:36 p.m., 17 views

CVE-2026-32883

CVE-2026-32883 affects the Botan C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for a valid status but the OCSP response signature itself was not verified, enabling a potential Man‑in‑the‑Middle in certificate revocatio...

CVSS 5.9, AI score 5.8, EPSS 0.00154
Exploits: 0, References: 1, Affected Software: 1

Debian CVE
added 2026/03/30 8:36 p.m., 3 views

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9, AI score 5.3, EPSS 0.00154
Exploits: 0

AlpineLinux
added 2026/03/30 8:36 p.m., 4 views

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9, AI score 5.3, EPSS 0.00154
Exploits: 0

OSV
added 2026/03/30 8:36 p.m., 2 views

CVE-2026-32884 Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 Violation)

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

CVSS 5.9, AI score 5.8, EPSS 0.00158
Exploits: 0, References: 3

EUVD
added 2026/03/30 8:36 p.m., 3 views

EUVD-2026-17212

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

CVSS 5.9, AI score 5.7, EPSS 0.00158
Exploits: 0, References: 1

Cvelist
added 2026/03/30 8:36 p.m., 21 views

CVE-2026-32884 Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 Violation)

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

CVSS 5.9, EPSS 0.00158
Exploits: 0, References: 1

CVE
added 2026/03/30 8:36 p.m., 10 views

CVE-2026-32884

CVE-2026-32884 — Botan (C++ crypto library): Prior to version 3.11.0, during X.509 name constraints processing, Botan could mis-handle a mixed-case common name (CN) when no subject alternative name (SAN) is present. The CN check against DNS name constraints was effectively case-sensitive, allowi...

CVSS 5.9, AI score 5.7, EPSS 0.00158
Exploits: 0, References: 1, Affected Software: 1

Debian CVE
added 2026/03/30 8:36 p.m., 3 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

CVSS 5.9, AI score 5.3, EPSS 0.00158
Exploits: 0

CNNVD
added 2026/03/30 12:00 a.m., 10 views

Botan Buffer Error Vulnerability

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan from 2.3.0 to 3.11.0 contained a buffer error vulnerability. This vulnerability stemmed from the failure to check the expected length of the authentication code value during the SM2 decryption...

CVSS 8.2, AI score 6, EPSS 0.00278
Exploits: 0, References: 1

Positive Technologies
added 2026/03/30 12:00 a.m., 5 views

PT-2026-29125

Name of the Vulnerable Software and Affected Versions: Botan versions 3.0.0 through 3.10.9. Description: Botan is a C++ cryptography library. During X509 path validation, versions prior to 3.11.0 did not verify the signature of Online Certificate Status Protocol (OCSP) responses, only checking for an...

CVSS 5.9, AI score 5.9, EPSS 0.00154
Exploits: 0, References: 4

Positive Technologies
added 2026/03/30 12:00 a.m., 5 views

PT-2026-29124

Name of the Vulnerable Software and Affected Versions: Botan versions 2.3.0 through 3.10.9. Description: Botan is a C++ cryptography library. During SM2 decryption, the code that checks the authentication code value C3 does not verify the encoded value's length before comparison. This can lead to a...

CVSS 8.2, AI score 5.9, EPSS 0.00278
Exploits: 0, References: 5

CNNVD
added 2026/03/30 12:00 a.m., 11 views

Botan Data Forgery Issue Vulnerability

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan from 3.0.0 to 3.11.0 had a data manipulation vulnerability, which stemmed from the lack of signature verification for OCSP responses during the X509 path validation process...

CVSS 5.9, AI score 5.7, EPSS 0.00154
Exploits: 0, References: 1

CNNVD
added 2026/03/30 12:00 a.m., 10 views

Botan Trust Management Issue Vulnerability

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan prior to 3.11.0 had a trust management vulnerability. This vulnerability stemmed from improper checks of mixed-case common names when processing X.509 certificate paths, which could lead to...

CVSS 5.9, AI score 5.8, EPSS 0.00158
Exploits: 0, References: 1

OSV
added 2026/03/29 6:51 p.m., 2 views

ROOT-OS-ALPINE-320-CVE-2024-50382 CVE-2024-50382 in rootio-botan - Patched by Root

Root has patched CVE-2024-50382 in the rootio-botan package for Root:Alpine:3.20. Multiple fixed versions available...

CVSS 5.9, AI score 5.4, EPSS 0.00546
Exploits: 1

OSV
added 2026/03/29 6:51 p.m., 1 view

ROOT-OS-ALPINE-320-CVE-2024-50383 CVE-2024-50383 in rootio-botan - Patched by Root

Root has patched CVE-2024-50383 in the rootio-botan package for Root:Alpine:3.20. Multiple fixed versions available...

CVSS 5.9, AI score 5.4, EPSS 0.00542
Exploits: 1

OSV
added 2026/03/29 6:50 p.m., 2 views

ROOT-OS-ALPINE-319-CVE-2024-50382 CVE-2024-50382 in rootio-botan - Patched by Root

Root has patched CVE-2024-50382 in the rootio-botan package for Root:Alpine:3.19. Multiple fixed versions available...

CVSS 5.9, AI score 5.4, EPSS 0.00546
Exploits: 1