35 matches found
CVE-2021-24115
CVE-2021-24115 affects Botan prior to 2.17.3, where constant-time computations are not applied to certain decoding/encoding operations (base32, base58, base64, and hex). The vulnerability is in the crypto/encoding paths of Botan; impact is shown as high to critical in CVSS data (NVD: 7.5/3.1 v3.1...
CVE-2021-40529
The CVE-2021-40529 entry concerns the ElGamal implementation in Botan (through 2.18.1), used by Thunderbird and other products. A cross-configuration attack between two cryptographic libraries can lead to plaintext recovery by exploiting a dangerous combination of the receiver’s key prime and gen...
CVE-2017-2801
CVE-2017-2801 affects Randombit Botan 2.0.1. Multiple Linux distro advisories (Mageia MGASA-2017-0327; Debian DLA-915-1; Fedora updates) and OpenVAS plugins describe an x509/PKI handling flaw in Botan’s certificate parsing that can trigger a denial of service or information leakage when processin...
CVE-2024-50383
Botan before 3.6.0 is affected by CVE-2024-50383 due to a compiler-induced secret-dependent operation in donna128.h (donna128) used by ChaCha-Poly1305 and x25519. The issue was observed with GCC 11.3.0 -O2 on MIPS and GCC on x86-32 (only 32-bit processors). Reports in Mageia/openSUSE/Ubutnu advis...
CVE-2017-14737
Botan contains a cache-based side-channel flaw in its RSA implementation that can let a local attacker recover bits of secret exponents used in RSA (and related operations). Affected are Botan versions before 1.10.17, and 1.11.x and 2.x before 2.3.0. The vulnerability arises from indexing a Montg...
CVE-2018-12435
CVE-2018-12435 affects Botan 2.5.0–2.6.0 prior to 2.7.0, enabling a memory-cache side-channel attack on ECDSA (ROHNP) that could allow key recovery when attacker has local access or co-residency on the same host. Connected advisories confirm the issue in Botan’s ECDSA signing and related code pat...
CVE-2022-43705
CVE-2022-43705 concerns Botan: in versions before 2.19.3, a certificate verification error allows forging OCSP responses. The issue was introduced in Botan 1.11.34 (Nov 2016) and is mitigated by upgrading to Botan 2.19.3 or later (as indicated by vendor advisories and open-source releases). Affec...
CVE-2018-20187
The CVE-2018-20187 issue affects Botan before 2.9.0. It is a side‑channel vulnerability in ECC key generation: an attacker who can precisely measure the time to generate the secret key could deduce information about the high bits of the secret key because the public-point derivation uses an unbli...
CVE-2016-2194
CVE-2016-2194 affects Botan: the ressol function (Tonelli–Shanks) can enter an infinite loop when given a composite modulus, exposed through ECC point decompression (OS2ECP). This enables a remote DoS condition. Several advisories (Debian DSA-3565, Gentoo GLSA-201612-38, Mageia MGASA-2016-0102, F...
CVE-2024-39312
Botan CVE-2024-39312 affects the X.509 name-contraint check: when a certificate’s name is present in both permitted and excluded subtrees, the parser may erroneously accept it. The issue is resolved by upgrading Botan to 3.5.0 or 2.19.5 (fixed versions cited in multiple sources). The vulnerabilit...
CVE-2024-50382
CVE-2024-50382 affects Botan before 3.6.0, where certain LLVM versions trigger compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp (GHASH in AES-GCM). A branch instead of an XOR with carry was observed, notably with Clang/LLVM 15 on RISC-V. The issue can cause undefined be...
CVE-2016-9132
CVE-2016-9132 affects Botan 1.8.0–1.11.33. The issue is an integer overflow during BER data decoding that can produce an attacker-controlled, incorrect length field, leading to memory corruption or similar failures. Public references confirm several advisories: Debian/Mageia/OpenVAS entries note ...
CVE-2018-9127
CVE-2018-9127 affects Botan library versions 2.2.0–2.4.0; the issue arises from improper wildcard certificate handling, allowing certain certificates to be treated as valid for hostnames under RFC 6125 rules within the same domain. The vulnerability could enable host impersonation if an attacker ...
CVE-2015-5726
The CVE-2015-5726 issue affects Botan BER decoder: an empty BIT STRING in ASN.1 data can cause a remote denial of service (application crash) in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19. Debian advisories confirm fixes for botan1.10 in Jessie (upgrade to 1.10.8-2+deb8u1). If applicab...
CVE-2018-9860
Botan CVE-2018-9860 affects Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext can cause the receiver to include 64K bytes following the record buffer in the HMAC, leading to a denial of service (MAC check fails and connection closes). No info...
CVE-2016-2195
CVE-2016-2195 affects the Botan crypto library (C++). The root cause is an integer overflow in the PointGFp constructor used during ECC point decoding, which can trigger a heap-based buffer overflow when processing untrusted input. This could enable remote execution of code via a crafted ECC poin...
CVE-2016-2849
CVE-2016-2849 affects Botan: the library did not use a constant-time algorithm for modular inverse during ECDSA signing, enabling timing side-channel leakage that could reveal ECDSA secret keys. Affected are Botan versions before 1.10.13 and 1.11.x before 1.11.29. Impact is a remote attacker pote...
CVE-2015-7827
CVE-2015-7827 affects Botan cryptographic library: historical versions Bot an 1.10.x prior to 1.10.13 and 1.11.x prior to 1.11.22 are vulnerable. The root cause is a timing side-channel during PKCS#1 padding decoding, enabling remote attackers to mount million-message attacks. Public references i...
CVE-2015-5727
CVE-2015-5727 affects Botan BER decoder. Multiple connected advisories (Debian DSA-3565, OpenVAS NASL) confirm the issue: the BER decoder could allocate a large amount of memory when processing a length field, enabling a denial of service through memory exhaustion. Affected: Botan 1.10.x before 1...
CVE-2016-6878
The CVE-2016-6878 issue affects Botan’s Curve25519 implementation prior to version 1.11.31. On systems without a native 128‑bit integer type, the code may trigger undefined behavior leading to unspecified impact, demonstrated on 32‑bit ARM systems compiled with Clang. Affected component: Curve255...
CVE-2016-2850
CVE-2016-2850 affects Botan 1.11.x prior to 1.11.29. The vulnerability arises from Botan not enforcing TLS policy for (1) signature algorithms and (2) ECC curves, enabling remote attackers to perform downgrade attacks via unspecified vectors. The issue may allow attackers to bypass TLS policy and...
CVE-2017-7252
CVE-2017-7252 affects Botan's bcrypt implementation prior to 2.1.0, where passwords with lengths 57–72 are not handled correctly, making it easier to determine the cleartext password. The connected documents corroborate the issue but do not provide an explicit remediation version; no exploit deta...
CVE-2014-9742
CVE-2014-9742 : The Miller–Rabin primality test in Botan before 1.10.8 and in 1.11.x before 1.11.9 improperly uses a single random base, weakening cryptographic protection for Diffie–Hellman groups. Connected advisories confirm this vulnerability in Botan’s pre-1.10.8 and specific 1.11.x releases...
CVE-2016-2196
CVE-2016-2196 affects Botan 1.11.x (before 1.11.27). A heap-based overflow in the P-521 reduction function allows remote attackers to cause a memory overwrite, DoS, or arbitrary code execution via unspecified vectors. Upgrade to Botan 1.11.27 or later to remediate; exploitation details are not sp...
CVE-2016-8871
CVE-2016-8871 affects Botan 1.11.29 through 1.11.32, where RSA decryption with certain padding options exposes a detectable OAEP timing channel. With a sufficient number of queries, an attacker could recover plaintext. The provided connected documents confirm the vulnerability details but do not ...
CVE-2015-7825
Botan before 1.11.22 contains a denial-of-service vulnerability caused by improper validation of certificate paths, enabling a crafted certificate chain with a loop to trigger an infinite loop and memory consumption. Affected component: Botan library (C++ crypto library); root cause: incorrect pa...
CVE-2016-6879
CVE-2016-6879 affects Botan (X509_Certificate::allowed_usage) in version 1.11.x before 1.11.31, where a call with more than one Key_Usage set in the enum value may cause unspecified impact. Affected: Botan 1.11.x prior to 1.11.31. No remediation details are provided in the supplied documents.
CVE-2015-7824
Botan 1.11.x prior to 1.11.22 is vulnerable to a padding-oracle attack that makes it easier for remote attackers to decrypt TLS ciphertext when using TLS CBC ciphersuites. This is a remote/network issue affecting the Botan cryptographic library; exploitation is contingent on using an affected 1.1...
CVE-2015-7826
Botan 1.11.x before 1.11.22 has a wildcard hostname matching flaw in X.509 verification, which may allow remote attackers to cause unspecified impact (e.g., accepting *.example.com for bar.foo.example.com). Affected software is Botan library; root cause is improper wildcard handling in hostname c...
CVE-2026-34582
Botan TLS 1.3 vulnerability (CVE-2026-34582) affects Botan prior to 3.11.1, where ApplicationData records could be processed before the TLS Finished message, allowing bypass of client authentication via certificates. Affected: Botan before 3.11.1. Mitigation: upgrade to Botan 3.11.1 or later (sec...
CVE-2026-32877
CVE-2026-32877 affects Botan (C++ crypto library). From version 2.3.0 up to but not including 3.11.0, SM2 decryption incorrectly checked the length of the encoded C3 value before comparison, allowing an invalid ciphertext to cause a heap over-read of up to 31 bytes. This can lead to a crash or po...
CVE-2026-34580
CVE-2026-34580 affects Botan 3.11.0, where Certificate_Store::certificate_known could misidentify certificates during path validation. The function returned true when the DN (and subject key identifier, if set) matched the argument, without verifying the certificates were identical. A later path-...
CVE-2026-44378
Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...
CVE-2026-32883
CVE-2026-32883 affects the Botan C++ cryptography library. From version 3.0.0 through before 3.11.0, during X509 path validation, OCSP responses were checked for a valid status but the OCSP response signature itself was not verified, enabling a potential Man‑in‑the‑Middle in certificate revocatio...
CVE-2026-32884
CVE-2026-32884 — Botan (C++ crypto library) : Prior to version 3.11.0, during X.509 name constraints processing, Botan could mis-handle a mixed-case common name (CN) when no subject alternative name (SAN) is present. The CN check against DNS name constraints was effectively case-sensitive, allowi...