Botan@1.11.21 Security Vulnerabilities and Issues — Botan@1.11.21 CVE List

Lucene search

Botan ProjectBotan1.11.21

6 matches found

CVE•added 2016/05/13 2:59 p.m.•55 views

CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

7.5CVSS8.1AI score0.017EPSS

CVE•added 2016/05/13 2:59 p.m.•54 views

CVE-2016-2195

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.

10CVSS9.6AI score0.05721EPSS

CVE•added 2016/05/13 2:59 p.m.•48 views

CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

7.5CVSS7.3AI score0.00586EPSS

CVE•added 2016/05/13 2:59 p.m.•46 views

CVE-2015-7827

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

7.5CVSS7.4AI score0.00583EPSS

CVE•added 2016/05/13 2:59 p.m.•44 views

CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

7.5CVSS7.3AI score0.00434EPSS

CVE•added 2016/05/13 2:59 p.m.•34 views

CVE-2016-2196

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors.

10CVSS9.7AI score0.02396EPSS