Known Vulnerabilities for products from Botan Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Botan Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40529 | The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery beca... | 5.9 - MEDIUM | 2021-09-06 | 2023-11-07 |
| CVE-2021-24115 | In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58,... | 9.8 - CRITICAL | 2021-02-22 | 2021-02-26 |
| CVE-2018-20187 | A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC ... | 5.9 - MEDIUM | 2019-03-08 | 2019-03-12 |
| CVE-2018-12435 | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the H... | 5.9 - MEDIUM | 2018-06-15 | 2018-08-22 |
| CVE-2018-9860 | An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciph... | 7.5 - HIGH | 2018-04-12 | 2019-10-03 |
| CVE-2018-9127 | Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid ... | 9.8 - CRITICAL | 2018-04-02 | 2018-05-15 |
| CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, ... | 5.5 - MEDIUM | 2017-09-26 | 2021-12-15 |
| CVE-2017-7252 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-03 | 2023-11-13 |
| CVE-2017-2801 | A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons wh... | 9.8 - CRITICAL | 2017-05-24 | 2022-04-19 |
| CVE-2016-9132 | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length... | 9.8 - CRITICAL | 2017-01-30 | 2023-11-07 |
| CVE-2016-8871 | In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could giv... | 6.2 - MEDIUM | 2016-10-28 | 2016-11-29 |
| CVE-2016-6879 | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact ... | 7.5 - HIGH | 2017-04-10 | 2017-04-15 |
| CVE-2016-6878 | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have ... | 9.8 - CRITICAL | 2017-04-10 | 2017-04-15 |
| CVE-2016-2850 | Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote ... | 7.5 - HIGH | 2016-05-13 | 2017-07-01 |
| CVE-2016-2849 | Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signa... | 7.5 - HIGH | 2016-05-13 | 2017-07-01 |
| CVE-2016-2196 | Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a ... | 9.8 - CRITICAL | 2016-05-13 | 2016-05-16 |
| CVE-2016-2195 | Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to ove... | 9.8 - CRITICAL | 2016-05-13 | 2017-07-01 |
| CVE-2016-2194 | The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (i... | 7.5 - HIGH | 2016-05-13 | 2017-07-01 |
| CVE-2015-7827 | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by meas... | 7.5 - HIGH | 2016-05-13 | 2016-06-09 |
| CVE-2015-7826 | botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to hav... | 9.8 - CRITICAL | 2017-04-10 | 2017-04-15 |
Known software with vulnerabilities from Botan Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Botan Project | Botan | 0.7.0 |