Known Vulnerabilities for products from Botan Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Botan Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34582 | Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to b... | Not Provided | 2026-04-07 | 2026-04-17 |
| CVE-2026-34580 | Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it w... | Not Provided | 2026-04-07 | 2026-04-17 |
| CVE-2026-32884 | Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name const... | Not Provided | 2026-03-30 | 2026-04-13 |
| CVE-2026-32883 | Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses... | Not Provided | 2026-03-30 | 2026-04-13 |
| CVE-2026-32877 | Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checke... | Not Provided | 2026-03-30 | 2026-04-13 |
| CVE-2022-43705 | In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introd... | 9.1 - CRITICAL | 2022-11-27 | 2022-12-01 |
| CVE-2021-40529 | The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery beca... | 5.9 - MEDIUM | 2021-09-06 | 2023-11-07 |
| CVE-2021-24115 | In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58,... | 9.8 - CRITICAL | 2021-02-22 | 2021-02-26 |
| CVE-2018-20187 | A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC ... | 5.9 - MEDIUM | 2019-03-08 | 2019-03-12 |
| CVE-2018-12435 | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the H... | 5.9 - MEDIUM | 2018-06-15 | 2018-08-22 |
| CVE-2018-9860 | An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciph... | 7.5 - HIGH | 2018-04-12 | 2019-10-03 |
| CVE-2018-9127 | Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid ... | 9.8 - CRITICAL | 2018-04-02 | 2018-05-15 |
| CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, ... | 5.5 - MEDIUM | 2017-09-26 | 2021-12-15 |
| CVE-2017-7252 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-03 | 2023-11-13 |
| CVE-2017-2801 | A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons wh... | 9.8 - CRITICAL | 2017-05-24 | 2022-04-19 |
| CVE-2016-9132 | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length... | 9.8 - CRITICAL | 2017-01-30 | 2023-11-07 |
| CVE-2016-8871 | In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could giv... | 6.2 - MEDIUM | 2016-10-28 | 2016-11-29 |
| CVE-2016-6879 | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact ... | 7.5 - HIGH | 2017-04-10 | 2017-04-15 |
| CVE-2016-6878 | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have ... | 9.8 - CRITICAL | 2017-04-10 | 2017-04-15 |
| CVE-2016-2850 | Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote ... | 7.5 - HIGH | 2016-05-13 | 2017-07-01 |
Known software with vulnerabilities from Botan Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Botan Project | Botan | 0.7.0 |