Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Botan
(Botan_project)| Repositories | https://github.com/randombit/botan |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-15 | CVE-2018-12435 | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | Botan | 5.9 | ||
| 2016-10-28 | CVE-2016-8871 | In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack. | Botan | 6.2 | ||
| 2017-04-10 | CVE-2016-6879 | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | Botan | 7.5 | ||
| 2017-04-10 | CVE-2016-6878 | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang. | Botan | 9.8 | ||
| 2016-05-13 | CVE-2016-2850 | Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | Botan, Fedora | 7.5 | ||
| 2016-05-13 | CVE-2016-2849 | Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. | Botan, Debian_linux, Fedora | 7.5 | ||
| 2016-05-13 | CVE-2016-2196 | Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors. | Botan | 9.8 | ||
| 2016-05-13 | CVE-2016-2195 | Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | Botan, Debian_linux | 9.8 | ||
| 2016-05-13 | CVE-2016-2194 | The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | Botan, Debian_linux | 7.5 | ||
| 2016-05-13 | CVE-2015-7827 | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | Botan, Debian_linux, Fedora | 7.5 |