10 matches found
Design/Logic Flaw
The X509Certificate::allowedusage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one KeyUsage set in the enum value...
CVE-2016-6879
The X509Certificate::allowedusage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one KeyUsage set in the enum value...
CVE-2016-6879
Removed by vendor...
CVE-2016-2196
Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service memory overwrite and crash or execute arbitrary code via unspecified vectors...
Heap overflow
Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service memory overwrite and crash or execute arbitrary code via unspecified vectors...
CVE-2016-2850
Botan 1.11.x before 1.11.29 does not enforce TLS policy for 1 signature algorithms and 2 ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...
CVE-2015-5727
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service memory consumption via unspecified vectors, related to a length field...
CVE-2016-2196
Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service memory overwrite and crash or execute arbitrary code via unspecified vectors...
CVE-2016-2850
CVE-2016-2850 affects Botan 1.11.x prior to 1.11.29. The vulnerability arises from Botan not enforcing TLS policy for (1) signature algorithms and (2) ECC curves, enabling remote attackers to perform downgrade attacks via unspecified vectors. The issue may allow attackers to bypass TLS policy and...
CVE-2016-2850
Botan 1.11.x before 1.11.29 does not enforce TLS policy for 1 signature algorithms and 2 ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...