Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

botan project botan 1.11.29 vulnerabilities and exploits

(subscribe to this query)
2.1
CVSSv2
CVE-2016-8871
In Botan 1.11.29 up to and including 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
Botan Project Botan 1.11.32Botan Project Botan 1.11.30Botan Project Botan 1.11.31Botan Project Botan 1.11.29
5
CVSSv2
CVE-2016-6879
The X509_Certificate::allowed_usage function in botan 1.11.x prior to 1.11.31 might allow malicious users to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
Botan Project Botan 1.11.12Botan Project Botan 1.11.13Botan Project Botan 1.11.14Botan Project Botan 1.11.15Botan Project Botan 1.11.16Botan Project Botan 1.11.29Botan Project Botan 1.11.30Botan Project Botan 1.11.4Botan Project Botan 1.11.5Botan Project Botan 1.11.6Botan Project Botan 1.11.7Botan Project Botan 1.11.21Botan Project Botan 1.11.22Botan Project Botan 1.11.23Botan Project Botan 1.11.24Botan Project Botan 1.11.1Botan Project Botan 1.11.3Botan Project Botan 1.11.8Botan Project Botan 1.11.10Botan Project Botan 1.11.17Botan Project Botan 1.11.19Botan Project Botan 1.11.26
5
CVSSv2
CVE-2016-2850
Botan 1.11.x prior to 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote malicious users to conduct downgrade attacks via unspecified vectors.
Fedoraproject Fedora 24Botan Project Botan 1.11.25Botan Project Botan 1.11.24Botan Project Botan 1.11.17Botan Project Botan 1.11.16Botan Project Botan 1.11.15Botan Project Botan 1.11.8Botan Project Botan 1.11.7Botan Project Botan 1.11.0Botan Project Botan 1.11.28Botan Project Botan 1.11.21Botan Project Botan 1.11.20Botan Project Botan 1.11.12Botan Project Botan 1.11.11Botan Project Botan 1.11.4Botan Project Botan 1.11.3Botan Project Botan 1.11.23Botan Project Botan 1.11.22Botan Project Botan 1.11.14Botan Project Botan 1.11.13Botan Project Botan 1.11.6Botan Project Botan 1.11.5
5
CVSSv2
CVE-2016-2849
Botan prior to 1.10.13 and 1.11.x prior to 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote malicious users to obtain ECDSA secret keys via a timing side-channel attack.
Debian Debian Linux 8.0Fedoraproject Fedora 24Botan Project Botan 1.11.22Botan Project Botan 1.11.21Botan Project Botan 1.11.14Botan Project Botan 1.11.13Botan Project Botan 1.11.12Botan Project Botan 1.11.5Botan Project Botan 1.11.4Botan Project Botan 1.11.26Botan Project Botan 1.11.25Botan Project Botan 1.11.18Botan Project Botan 1.11.17Botan Project Botan 1.11.9Botan Project Botan 1.11.8Botan Project Botan 1.11.1Botan Project Botan 1.11.0Botan Project Botan 1.11.28Botan Project Botan 1.11.27Botan Project Botan 1.11.20Botan Project Botan 1.11.19Botan Project Botan 1.11.11
7.5
CVSSv2
CVE-2016-9132
In Botan 1.8.0 up to and including 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memor...
Botan Project Botan 1.10.7Botan Project Botan 1.9.9Botan Project Botan 1.11.18Botan Project Botan 1.9.17Botan Project Botan 1.11.0Botan Project Botan 1.10.9Botan Project Botan 1.11.21Botan Project Botan 1.11.26Botan Project Botan 1.8.4Botan Project Botan 1.11.32Botan Project Botan 1.10.15Botan Project Botan 1.11.19Botan Project Botan 1.9.10Botan Project Botan 1.10.12Botan Project Botan 1.8.0Botan Project Botan 1.9.3Botan Project Botan 1.11.12Botan Project Botan 1.9.4Botan Project Botan 1.10.8Botan Project Botan 1.9.8Botan Project Botan 1.8.13Botan Project Botan 1.9.13
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook