Lucene search
K
Botan ProjectBotan

35 matches found

CVE
CVE
added 2021/02/22 1:57 a.m.172 views

CVE-2021-24115

CVE-2021-24115 affects Botan prior to 2.17.3, where constant-time computations are not applied to certain decoding/encoding operations (base32, base58, base64, and hex). The vulnerability is in the crypto/encoding paths of Botan; impact is shown as high to critical in CVSS data (NVD: 7.5/3.1 v3.1...

9.8CVSS9.3AI score0.01976EPSS
CVE
CVE
added 2021/09/06 6:45 p.m.148 views

CVE-2021-40529

The CVE-2021-40529 entry concerns the ElGamal implementation in Botan (through 2.18.1), used by Thunderbird and other products. A cross-configuration attack between two cryptographic libraries can lead to plaintext recovery by exploiting a dangerous combination of the receiver’s key prime and gen...

5.9CVSS5.7AI score0.01532EPSS
CVE
CVE
added 2017/05/24 2:0 p.m.98 views

CVE-2017-2801

CVE-2017-2801 affects Randombit Botan 2.0.1. Multiple Linux distro advisories (Mageia MGASA-2017-0327; Debian DLA-915-1; Fedora updates) and OpenVAS plugins describe an x509/PKI handling flaw in Botan’s certificate parsing that can trigger a denial of service or information leakage when processin...

9.8CVSS7AI score0.01317EPSS
CVE
CVE
added 2024/10/23 12:0 a.m.84 views

CVE-2024-50383

Botan before 3.6.0 is affected by CVE-2024-50383 due to a compiler-induced secret-dependent operation in donna128.h (donna128) used by ChaCha-Poly1305 and x25519. The issue was observed with GCC 11.3.0 -O2 on MIPS and GCC on x86-32 (only 32-bit processors). Reports in Mageia/openSUSE/Ubutnu advis...

5.9CVSS7AI score0.00542EPSS
CVE
CVE
added 2017/09/26 1:0 a.m.82 views

CVE-2017-14737

Botan contains a cache-based side-channel flaw in its RSA implementation that can let a local attacker recover bits of secret exponents used in RSA (and related operations). Affected are Botan versions before 1.10.17, and 1.11.x and 2.x before 2.3.0. The vulnerability arises from indexing a Montg...

5.5CVSS5.2AI score0.00318EPSS
CVE
CVE
added 2018/06/15 2:0 a.m.82 views

CVE-2018-12435

CVE-2018-12435 affects Botan 2.5.0–2.6.0 prior to 2.7.0, enabling a memory-cache side-channel attack on ECDSA (ROHNP) that could allow key recovery when attacker has local access or co-residency on the same host. Connected advisories confirm the issue in Botan’s ECDSA signing and related code pat...

5.9CVSS4.7AI score0.00499EPSS
CVE
CVE
added 2022/11/27 12:0 a.m.82 views

CVE-2022-43705

CVE-2022-43705 concerns Botan: in versions before 2.19.3, a certificate verification error allows forging OCSP responses. The issue was introduced in Botan 1.11.34 (Nov 2016) and is mitigated by upgrading to Botan 2.19.3 or later (as indicated by vendor advisories and open-source releases). Affec...

9.1CVSS8.8AI score0.00415EPSS
CVE
CVE
added 2019/03/08 7:0 p.m.78 views

CVE-2018-20187

The CVE-2018-20187 issue affects Botan before 2.9.0. It is a side‑channel vulnerability in ECC key generation: an attacker who can precisely measure the time to generate the secret key could deduce information about the high bits of the secret key because the public-point derivation uses an unbli...

5.9CVSS5.3AI score0.01525EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.76 views

CVE-2016-2194

CVE-2016-2194 affects Botan: the ressol function (Tonelli–Shanks) can enter an infinite loop when given a composite modulus, exposed through ECC point decompression (OS2ECP). This enables a remote DoS condition. Several advisories (Debian DSA-3565, Gentoo GLSA-201612-38, Mageia MGASA-2016-0102, F...

7.5CVSS8.1AI score0.02558EPSS
CVE
CVE
added 2024/07/08 4:30 p.m.76 views

CVE-2024-39312

Botan CVE-2024-39312 affects the X.509 name-contraint check: when a certificate’s name is present in both permitted and excluded subtrees, the parser may erroneously accept it. The issue is resolved by upgrading Botan to 3.5.0 or 2.19.5 (fixed versions cited in multiple sources). The vulnerabilit...

5.3CVSS5.8AI score0.00272EPSS
CVE
CVE
added 2024/10/23 12:0 a.m.72 views

CVE-2024-50382

CVE-2024-50382 affects Botan before 3.6.0, where certain LLVM versions trigger compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp (GHASH in AES-GCM). A branch instead of an XOR with carry was observed, notably with Clang/LLVM 15 on RISC-V. The issue can cause undefined be...

5.9CVSS7AI score0.00546EPSS
CVE
CVE
added 2017/01/30 10:0 p.m.71 views

CVE-2016-9132

CVE-2016-9132 affects Botan 1.8.0–1.11.33. The issue is an integer overflow during BER data decoding that can produce an attacker-controlled, incorrect length field, leading to memory corruption or similar failures. Public references confirm several advisories: Debian/Mageia/OpenVAS entries note ...

9.8CVSS9.4AI score0.01978EPSS
CVE
CVE
added 2018/04/02 5:0 p.m.69 views

CVE-2018-9127

CVE-2018-9127 affects Botan library versions 2.2.0–2.4.0; the issue arises from improper wildcard certificate handling, allowing certain certificates to be treated as valid for hostnames under RFC 6125 rules within the same domain. The vulnerability could enable host impersonation if an attacker ...

9.8CVSS9.3AI score0.00963EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.67 views

CVE-2015-5726

The CVE-2015-5726 issue affects Botan BER decoder: an empty BIT STRING in ASN.1 data can cause a remote denial of service (application crash) in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19. Debian advisories confirm fixes for botan1.10 in Jessie (upgrade to 1.10.8-2+deb8u1). If applicab...

7.5CVSS8AI score0.01355EPSS
CVE
CVE
added 2018/04/12 5:0 a.m.67 views

CVE-2018-9860

Botan CVE-2018-9860 affects Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext can cause the receiver to include 64K bytes following the record buffer in the HMAC, leading to a denial of service (MAC check fails and connection closes). No info...

7.5CVSS7.2AI score0.01382EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.66 views

CVE-2016-2195

CVE-2016-2195 affects the Botan crypto library (C++). The root cause is an integer overflow in the PointGFp constructor used during ECC point decoding, which can trigger a heap-based buffer overflow when processing untrusted input. This could enable remote execution of code via a crafted ECC poin...

10CVSS9.6AI score0.06677EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.65 views

CVE-2016-2849

CVE-2016-2849 affects Botan: the library did not use a constant-time algorithm for modular inverse during ECDSA signing, enabling timing side-channel leakage that could reveal ECDSA secret keys. Affected are Botan versions before 1.10.13 and 1.11.x before 1.11.29. Impact is a remote attacker pote...

7.5CVSS7.3AI score0.02443EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.63 views

CVE-2015-7827

CVE-2015-7827 affects Botan cryptographic library: historical versions Bot an 1.10.x prior to 1.10.13 and 1.11.x prior to 1.11.22 are vulnerable. The root cause is a timing side-channel during PKCS#1 padding decoding, enabling remote attackers to mount million-message attacks. Public references i...

7.5CVSS7.4AI score0.02443EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.61 views

CVE-2015-5727

CVE-2015-5727 affects Botan BER decoder. Multiple connected advisories (Debian DSA-3565, OpenVAS NASL) confirm the issue: the BER decoder could allocate a large amount of memory when processing a length field, enabling a denial of service through memory exhaustion. Affected: Botan 1.10.x before 1...

7.8CVSS8.1AI score0.01483EPSS
CVE
CVE
added 2017/04/10 3:0 p.m.59 views

CVE-2016-6878

The CVE-2016-6878 issue affects Botan’s Curve25519 implementation prior to version 1.11.31. On systems without a native 128‑bit integer type, the code may trigger undefined behavior leading to unspecified impact, demonstrated on 32‑bit ARM systems compiled with Clang. Affected component: Curve255...

9.8CVSS9.5AI score0.01232EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.56 views

CVE-2016-2850

CVE-2016-2850 affects Botan 1.11.x prior to 1.11.29. The vulnerability arises from Botan not enforcing TLS policy for (1) signature algorithms and (2) ECC curves, enabling remote attackers to perform downgrade attacks via unspecified vectors. The issue may allow attackers to bypass TLS policy and...

7.5CVSS7.3AI score0.02118EPSS
CVE
CVE
added 2023/11/03 12:0 a.m.55 views

CVE-2017-7252

CVE-2017-7252 affects Botan's bcrypt implementation prior to 2.1.0, where passwords with lengths 57–72 are not handled correctly, making it easier to determine the cleartext password. The connected documents corroborate the issue but do not provide an explicit remediation version; no exploit deta...

7.5CVSS7.5AI score0.00315EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.52 views

CVE-2014-9742

CVE-2014-9742 : The Miller–Rabin primality test in Botan before 1.10.8 and in 1.11.x before 1.11.9 improperly uses a single random base, weakening cryptographic protection for Diffie–Hellman groups. Connected advisories confirm this vulnerability in Botan’s pre-1.10.8 and specific 1.11.x releases...

7.5CVSS7.3AI score0.0143EPSS
CVE
CVE
added 2016/05/13 2:0 p.m.49 views

CVE-2016-2196

CVE-2016-2196 affects Botan 1.11.x (before 1.11.27). A heap-based overflow in the P-521 reduction function allows remote attackers to cause a memory overwrite, DoS, or arbitrary code execution via unspecified vectors. Upgrade to Botan 1.11.27 or later to remediate; exploitation details are not sp...

10CVSS9.7AI score0.05338EPSS
CVE
CVE
added 2016/10/28 3:0 p.m.47 views

CVE-2016-8871

CVE-2016-8871 affects Botan 1.11.29 through 1.11.32, where RSA decryption with certain padding options exposes a detectable OAEP timing channel. With a sufficient number of queries, an attacker could recover plaintext. The provided connected documents confirm the vulnerability details but do not ...

6.2CVSS6.2AI score0.00409EPSS
CVE
CVE
added 2017/04/10 3:0 p.m.45 views

CVE-2015-7825

Botan before 1.11.22 contains a denial-of-service vulnerability caused by improper validation of certificate paths, enabling a crafted certificate chain with a loop to trigger an infinite loop and memory consumption. Affected component: Botan library (C++ crypto library); root cause: incorrect pa...

7.8CVSS7.3AI score0.01045EPSS
CVE
CVE
added 2017/04/10 3:0 p.m.44 views

CVE-2016-6879

CVE-2016-6879 affects Botan (X509_Certificate::allowed_usage) in version 1.11.x before 1.11.31, where a call with more than one Key_Usage set in the enum value may cause unspecified impact. Affected: Botan 1.11.x prior to 1.11.31. No remediation details are provided in the supplied documents.

7.5CVSS7.7AI score0.00558EPSS
CVE
CVE
added 2017/04/10 3:0 p.m.40 views

CVE-2015-7824

Botan 1.11.x prior to 1.11.22 is vulnerable to a padding-oracle attack that makes it easier for remote attackers to decrypt TLS ciphertext when using TLS CBC ciphersuites. This is a remote/network issue affecting the Botan cryptographic library; exploitation is contingent on using an affected 1.1...

7.5CVSS7.4AI score0.01686EPSS
CVE
CVE
added 2017/04/10 3:0 p.m.40 views

CVE-2015-7826

Botan 1.11.x before 1.11.22 has a wildcard hostname matching flaw in X.509 verification, which may allow remote attackers to cause unspecified impact (e.g., accepting *.example.com for bar.foo.example.com). Affected software is Botan library; root cause is improper wildcard handling in hostname c...

9.8CVSS9.6AI score0.01115EPSS
CVE
CVE
added 2026/04/07 9:13 p.m.37 views

CVE-2026-34582

Botan TLS 1.3 vulnerability (CVE-2026-34582) affects Botan prior to 3.11.1, where ApplicationData records could be processed before the TLS Finished message, allowing bypass of client authentication via certificates. Affected: Botan before 3.11.1. Mitigation: upgrade to Botan 3.11.1 or later (sec...

9.1CVSS5.9AI score0.00233EPSS
CVE
CVE
added 2026/03/30 8:36 p.m.28 views

CVE-2026-32877

CVE-2026-32877 affects Botan (C++ crypto library). From version 2.3.0 up to but not including 3.11.0, SM2 decryption incorrectly checked the length of the encoded C3 value before comparison, allowing an invalid ciphertext to cause a heap over-read of up to 31 bytes. This can lead to a crash or po...

8.2CVSS5.8AI score0.00278EPSS
CVE
CVE
added 2026/04/07 9:12 p.m.25 views

CVE-2026-34580

CVE-2026-34580 affects Botan 3.11.0, where Certificate_Store::certificate_known could misidentify certificates during path validation. The function returned true when the DN (and subject key identifier, if set) matched the argument, without verifying the certificates were identical. A later path-...

9.3CVSS5.9AI score0.00249EPSS
CVE
CVE
added 2026/05/27 4:34 p.m.23 views

CVE-2026-44378

Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...

7.5CVSS5.8AI score0.00324EPSS
CVE
CVE
added 2026/03/30 8:36 p.m.21 views

CVE-2026-32883

CVE-2026-32883 affects the Botan C++ cryptography library. From version 3.0.0 through before 3.11.0, during X509 path validation, OCSP responses were checked for a valid status but the OCSP response signature itself was not verified, enabling a potential Man‑in‑the‑Middle in certificate revocatio...

5.9CVSS5.8AI score0.00154EPSS
CVE
CVE
added 2026/03/30 8:36 p.m.13 views

CVE-2026-32884

CVE-2026-32884 — Botan (C++ crypto library) : Prior to version 3.11.0, during X.509 name constraints processing, Botan could mis-handle a mixed-case common name (CN) when no subject alternative name (SAN) is present. The CN check against DNS name constraints was effectively case-sensitive, allowi...

5.9CVSS5.7AI score0.00158EPSS