Botan Project: Botan 1.11.28

5 matches found

CVE (added 2017/09/26 1:29 a.m.)

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

CVSS 5.5 | AI score 5.2 | EPSS 0.00052

CVE (added 2017/01/30 10:59 p.m.)

CVE-2016-9132

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.

CVSS 9.8 | AI score 9.4 | EPSS 0.00484

CVE (added 2016/05/13 2:59 p.m.)

CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

CVSS 7.5 | AI score 7.3 | EPSS 0.00586

CVE (added 2016/05/13 2:59 p.m.)

CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

CVSS 7.5 | AI score 7.3 | EPSS 0.00434

CVE (added 2017/04/10 3:59 p.m.)

CVE-2016-6879

The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.

CVSS 7.5 | AI score 7.7 | EPSS 0.00185