Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
botan project vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2021-40529
The ElGamal implementation in Botan up to and including 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public...
Botan Project Botan
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Mozilla Thunderbird
2.1
CVSSv2
CVE-2017-14737
A cryptographic cache-based side channel in the RSA implementation in Botan prior to 1.10.17, and 1.11.x and 2.x prior to 2.3.0, allows a local malicious user to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bit...
Botan Project Botan 1.11.6
Botan Project Botan 1.11.7
Botan Project Botan 1.11.8
Botan Project Botan 1.11.9
Botan Project Botan 1.11.23
Botan Project Botan 1.11.24
Botan Project Botan 1.11.25
Botan Project Botan 1.11.26
Botan Project Botan
Botan Project Botan 1.11.0
Botan Project Botan 1.11.1
Botan Project Botan 1.11.15
Botan Project Botan 1.11.16
Botan Project Botan 1.11.17
Botan Project Botan 1.11.18
Botan Project Botan 2.0.0
Botan Project Botan 2.0.1
Botan Project Botan 2.1.0
Botan Project Botan 2.2.0
Botan Project Botan 1.11.3
Botan Project Botan 1.11.5
Botan Project Botan 1.11.10
2.1
CVSSv2
CVE-2016-8871
In Botan 1.11.29 up to and including 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
Botan Project Botan 1.11.32
Botan Project Botan 1.11.30
Botan Project Botan 1.11.31
Botan Project Botan 1.11.29
1.9
CVSSv2
CVE-2018-12435
Botan 2.5.0 up to and including 2.6.0 prior to 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker nee...
Botan Project Botan
NA
CVE-2017-7252
bcrypt password hashing in Botan prior to 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for malicious users to determine the cleartext password.
Botan Project Botan
NA
CVE-2022-43705
In Botan prior to 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
Botan Project Botan
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3