Lucene search
+L

631 matches found

OSV
OSV
added 2026/04/14 11:18 a.m.4 views

OPENSUSE-SU-2026:20528-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2026-34582: Fixed a client authentication bypass in TLS 1.3 implementation bsc1261880...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 12:0 a.m.4 views

OPENSUSE-SU-2026:10540-1 Botan-3.11.1-1.1 on GA media

These are all security issues fixed in the Botan-3.11.1-1.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS5.8AI score0.00861EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2026/04/13 11:26 p.m.7 views

SUSE CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.6 views

SUSE CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS5.8AI score0.00249EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.7 views

SUSE CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/08 9:31 a.m.5 views

CVE-2026-34580

A flaw was found in Botan, a C++ cryptography library. Due to a misleading function name and an assumption in path validation logic, an end entity certificate could be incorrectly accepted as a trusted root. This occurs when the end entity certificate's Distinguished Name DN and Subject Key...

9.3CVSS5.8AI score0.00249EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/08 9:24 a.m.5 views

CVE-2026-34582

A flaw was found in Botan, a C++ cryptography library. The TLS 1.3 implementation in Botan allows application data to be processed before the TLS handshake is fully completed. A remote attacker can exploit this by omitting critical client authentication messages, such as the Certificate,...

9.1CVSS5.9AI score0.00233EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-34580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate i...

9.3CVSS6AI score0.00249EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 10:16 p.m.1 views

DEBIAN-CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.4AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 10:16 p.m.6 views

ALPINE-CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.4AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 10:16 p.m.8 views

ALPINE-CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

7.5CVSS5.4AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 10:16 p.m.5 views

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS0.00249EPSS
Exploits0References4
NVD
NVD
added 2026/04/07 10:16 p.m.9 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS0.00233EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/07 10:16 p.m.4 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.9AI score0.00233EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/07 10:16 p.m.4 views

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 10:16 p.m.9 views

UBUNTU-CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS5.8AI score0.00249EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 10:16 p.m.9 views

UBUNTU-CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/07 10:11 p.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper validation in the certificateknown function. An attacker can bypass certificate trust verification by presenting an end entity certificate with a distinguished name and subject key...

9.8CVSS5.7AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 10:10 p.m.7 views

Improper Enforcement of Behavioral Workflow

Overview Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow in the TLS 1.3 implementation, which processes ApplicationData records before receiving the Finished message. An attacker can bypass certificate-based client authentication by omitting the...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 9:13 p.m.2 views

CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS5.9AI score0.00233EPSS
Exploits0References1
Rows per page
Query Builder