Botan Security Vulnerabilities and Issues — Botan CVE List

Lucene search

Botan ProjectBotan

5 matches found

CVE•added 2017/04/10 3:59 p.m.•39 views

CVE-2016-6878

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.

9.8CVSS9.5AI score0.00397EPSS

CVE•added 2017/04/10 3:59 p.m.•35 views

CVE-2016-6879

The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.

7.5CVSS7.7AI score0.00185EPSS

CVE•added 2017/04/10 3:59 p.m.•31 views

CVE-2015-7825

botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.

7.8CVSS7.3AI score0.0031EPSS

CVE•added 2017/04/10 3:59 p.m.•30 views

CVE-2015-7824

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.

7.5CVSS7.4AI score0.00237EPSS

CVE•added 2017/04/10 3:59 p.m.•28 views

CVE-2015-7826

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.

9.8CVSS9.6AI score0.00429EPSS