Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
botan project botan vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-7252
bcrypt password hashing in Botan prior to 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for malicious users to determine the cleartext password.
Botan Project Botan
9.1
CVSSv3
CVE-2022-43705
In Botan prior to 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
Botan Project Botan
5.9
CVSSv3
CVE-2021-40529
The ElGamal implementation in Botan up to and including 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public...
Botan Project Botan
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Mozilla Thunderbird
9.8
CVSSv3
CVE-2021-24115
In Botan prior to 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
Botan Project Botan
5.9
CVSSv3
CVE-2018-20187
A side-channel issue exists in Botan prior to 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an...
Botan Project Botan
5.9
CVSSv3
CVE-2018-12435
Botan 2.5.0 up to and including 2.6.0 prior to 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker nee...
Botan Project Botan
7.5
CVSSv3
CVE-2018-9860
An issue exists in Botan 1.11.32 up to and including 2.x prior to 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The...
Botan Project Botan
9.8
CVSSv3
CVE-2018-9127
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a ...
Botan Project Botan
5.5
CVSSv3
CVE-2017-14737
A cryptographic cache-based side channel in the RSA implementation in Botan prior to 1.10.17, and 1.11.x and 2.x prior to 2.3.0, allows a local malicious user to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bit...
Botan Project Botan 1.11.18
Botan Project Botan 1.11.0
Botan Project Botan 1.11.21
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
Botan Project Botan 1.11.12
Botan Project Botan 1.11.3
Botan Project Botan 1.11.17
Botan Project Botan 1.11.10
Botan Project Botan 1.11.14
Botan Project Botan 1.11.1
Botan Project Botan 1.11.6
Botan Project Botan 1.11.25
Botan Project Botan 1.11.27
Botan Project Botan 1.11.11
Botan Project Botan 1.11.24
Botan Project Botan 1.11.4
Botan Project Botan 1.11.7
Botan Project Botan 1.11.5
Botan Project Botan 1.11.20
Botan Project Botan 1.11.33
Botan Project Botan 1.11.8
9.8
CVSSv3
CVE-2017-2801
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server applic...
Botan Project Botan 2.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »