Known Vulnerabilities for Botan by Botan Project
Listed below are 10 of the newest known vulnerabilities associated with "Botan" by "Botan Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32884 | Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name const... | Not Provided | 2026-03-30 | 2026-03-31 |
| CVE-2026-32883 | Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses... | Not Provided | 2026-03-30 | 2026-03-30 |
| CVE-2026-32877 | Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checke... | Not Provided | 2026-03-30 | 2026-03-31 |
| CVE-2021-40529 | The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery beca... | 5.9 - MEDIUM | 2021-09-06 | 2023-11-07 |
| CVE-2021-24115 | In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58,... | 9.8 - CRITICAL | 2021-02-22 | 2021-02-26 |
| CVE-2018-20187 | A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC ... | 5.9 - MEDIUM | 2019-03-08 | 2019-03-12 |
| CVE-2018-12435 | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the H... | 5.9 - MEDIUM | 2018-06-15 | 2018-08-22 |
| CVE-2018-9860 | An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciph... | 7.5 - HIGH | 2018-04-12 | 2019-10-03 |
| CVE-2018-9127 | Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid ... | 9.8 - CRITICAL | 2018-04-02 | 2018-05-15 |
| CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, ... | 5.5 - MEDIUM | 2017-09-26 | 2021-12-15 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Botan Project | Botan | 2.9.0 | All | All | All |
| Application | Botan Project | Botan | 2.8.0 | All | All | All |
| Application | Botan Project | Botan | 2.7.0 | All | All | All |
| Application | Botan Project | Botan | 2.6.0 | All | All | All |
| Application | Botan Project | Botan | 2.5.0 | All | All | All |
| Application | Botan Project | Botan | 2.4.0 | All | All | All |
| Application | Botan Project | Botan | 2.3.0 | All | All | All |
| Application | Botan Project | Botan | 2.2.0 | All | All | All |
| Application | Botan Project | Botan | 2.17.3 | All | All | All |
| Application | Botan Project | Botan | 2.17.2 | All | All | All |
| Application | Botan Project | Botan | 2.17.1 | All | All | All |
| Application | Botan Project | Botan | 2.17.0 | All | All | All |
| Application | Botan Project | Botan | 2.16.0 | All | All | All |
| Application | Botan Project | Botan | 2.15.0 | All | All | All |
| Application | Botan Project | Botan | 2.14.0 | All | All | All |
| Application | Botan Project | Botan | 2.13.0 | All | All | All |
| Application | Botan Project | Botan | 2.12.1 | All | All | All |
| Application | Botan Project | Botan | 2.12.0 | All | All | All |
| Application | Botan Project | Botan | 2.11.0 | All | All | All |
| Application | Botan Project | Botan | 2.10.0 | All | All | All |