Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
botan project vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-9860
An issue exists in Botan 1.11.32 up to and including 2.x prior to 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The...
Botan Project Botan
5
CVSSv2
CVE-2016-6879
The X509_Certificate::allowed_usage function in botan 1.11.x prior to 1.11.31 might allow malicious users to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
Botan Project Botan 1.11.12
Botan Project Botan 1.11.13
Botan Project Botan 1.11.14
Botan Project Botan 1.11.15
Botan Project Botan 1.11.16
Botan Project Botan 1.11.29
Botan Project Botan 1.11.30
Botan Project Botan 1.11.4
Botan Project Botan 1.11.5
Botan Project Botan 1.11.6
Botan Project Botan 1.11.7
Botan Project Botan 1.11.21
Botan Project Botan 1.11.22
Botan Project Botan 1.11.23
Botan Project Botan 1.11.24
Botan Project Botan 1.11.1
Botan Project Botan 1.11.3
Botan Project Botan 1.11.8
Botan Project Botan 1.11.10
Botan Project Botan 1.11.17
Botan Project Botan 1.11.19
Botan Project Botan 1.11.26
5
CVSSv2
CVE-2015-7824
botan 1.11.x prior to 1.11.22 makes it easier for remote malicious users to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
Botan Project Botan
5
CVSSv2
CVE-2016-2850
Botan 1.11.x prior to 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote malicious users to conduct downgrade attacks via unspecified vectors.
Fedoraproject Fedora 24
Botan Project Botan 1.11.25
Botan Project Botan 1.11.24
Botan Project Botan 1.11.17
Botan Project Botan 1.11.16
Botan Project Botan 1.11.15
Botan Project Botan 1.11.8
Botan Project Botan 1.11.7
Botan Project Botan 1.11.0
Botan Project Botan 1.11.28
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.12
Botan Project Botan 1.11.11
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
5
CVSSv2
CVE-2016-2194
The ressol function in Botan prior to 1.10.11 and 1.11.x prior to 1.11.27 allows remote malicious users to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
Debian Debian Linux 8.0
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.12
Botan Project Botan 1.11.11
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.15
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.25
5
CVSSv2
CVE-2015-7827
Botan prior to 1.10.13 and 1.11.x prior to 1.11.22 make it easier for remote malicious users to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
Fedoraproject Fedora 24
Botan Project Botan 1.11.20
Botan Project Botan 1.11.15
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.4
Botan Project Botan 1.11.11
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.11.8
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.17
Botan Project Botan 1.11.16
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.0
Botan Project Botan
Botan Project Botan 1.11.21
Botan Project Botan 1.11.14
Botan Project Botan 1.11.12
Botan Project Botan 1.11.7
5
CVSSv2
CVE-2014-9742
The Miller-Rabin primality check in Botan prior to 1.10.8 and 1.11.x prior to 1.11.9 improperly uses a single random base, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms via a DH group.
Botan Project Botan 1.11.7
Botan Project Botan 1.11.0
Botan Project Botan 1.11.5
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.2
Botan Project Botan 1.11.8
Botan Project Botan 1.11.6
Botan Project Botan 1.11.1
Botan Project Botan
5
CVSSv2
CVE-2015-5726
The BER decoder in Botan 0.10.x prior to 1.10.10 and 1.11.x prior to 1.11.19 allows remote malicious users to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
Botan Project Botan 1.11.14
Botan Project Botan 1.11.12
Botan Project Botan 1.11.5
Botan Project Botan 1.11.3
Botan Project Botan 1.10.6
Botan Project Botan 1.10.4
Botan Project Botan 1.11.18
Botan Project Botan 1.11.17
Botan Project Botan 1.11.16
Botan Project Botan 1.11.15
Botan Project Botan 1.11.1
Botan Project Botan 1.11.0
Botan Project Botan 1.10.9
Botan Project Botan 1.10.8
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.11.8
Botan Project Botan 1.11.7
Botan Project Botan 1.11.6
Botan Project Botan 1.10.3
Botan Project Botan 1.10.2
Botan Project Botan 1.10.1
5
CVSSv2
CVE-2016-2849
Botan prior to 1.10.13 and 1.11.x prior to 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote malicious users to obtain ECDSA secret keys via a timing side-channel attack.
Debian Debian Linux 8.0
Fedoraproject Fedora 24
Botan Project Botan 1.11.22
Botan Project Botan 1.11.21
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.12
Botan Project Botan 1.11.5
Botan Project Botan 1.11.4
Botan Project Botan 1.11.26
Botan Project Botan 1.11.25
Botan Project Botan 1.11.18
Botan Project Botan 1.11.17
Botan Project Botan 1.11.9
Botan Project Botan 1.11.8
Botan Project Botan 1.11.1
Botan Project Botan 1.11.0
Botan Project Botan 1.11.28
Botan Project Botan 1.11.27
Botan Project Botan 1.11.20
Botan Project Botan 1.11.19
Botan Project Botan 1.11.11
4.3
CVSSv2
CVE-2018-20187
A side-channel issue exists in Botan prior to 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an...
Botan Project Botan
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »