Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
botan vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24115
In Botan prior to 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
Botan Project Botan
9.8
CVSSv3
CVE-2018-9127
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a ...
Botan Project Botan
9.8
CVSSv3
CVE-2017-2801
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server applic...
Botan Project Botan 2.0.1
9.8
CVSSv3
CVE-2016-6878
The Curve25519 code in botan prior to 1.11.31, on systems without a native 128-bit integer type, might allow malicious users to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.
Botan Project Botan
9.8
CVSSv3
CVE-2015-7826
botan 1.11.x prior to 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote malicious users to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.
Botan Project Botan
9.8
CVSSv3
CVE-2016-9132
In Botan 1.8.0 up to and including 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memor...
Botan Project Botan 1.10.7
Botan Project Botan 1.9.9
Botan Project Botan 1.11.18
Botan Project Botan 1.9.17
Botan Project Botan 1.11.0
Botan Project Botan 1.10.9
Botan Project Botan 1.11.21
Botan Project Botan 1.11.26
Botan Project Botan 1.8.4
Botan Project Botan 1.11.32
Botan Project Botan 1.10.15
Botan Project Botan 1.11.19
Botan Project Botan 1.9.10
Botan Project Botan 1.10.12
Botan Project Botan 1.8.0
Botan Project Botan 1.9.3
Botan Project Botan 1.11.12
Botan Project Botan 1.9.4
Botan Project Botan 1.10.8
Botan Project Botan 1.9.8
Botan Project Botan 1.8.13
Botan Project Botan 1.9.13
9.8
CVSSv3
CVE-2016-2195
Integer overflow in the PointGFp constructor in Botan prior to 1.10.11 and 1.11.x prior to 1.11.27 allows remote malicious users to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.13
Botan Project Botan 1.11.12
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.15
Botan Project Botan 1.11.14
Botan Project Botan 1.11.7
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.11
Botan Project Botan 1.11.10
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.25
Botan Project Botan 1.11.24
9.8
CVSSv3
CVE-2016-2196
Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x prior to 1.11.27 allows remote malicious users to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors.
Botan Project Botan 1.11.25
Botan Project Botan 1.11.20
Botan Project Botan 1.11.18
Botan Project Botan 1.11.11
Botan Project Botan 1.11.9
Botan Project Botan 1.11.4
Botan Project Botan 1.11.2
Botan Project Botan 1.11.0
Botan Project Botan 1.11.24
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.21
Botan Project Botan 1.11.8
Botan Project Botan 1.11.7
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
Botan Project Botan 1.11.16
Botan Project Botan 1.11.15
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
9.1
CVSSv3
CVE-2022-43705
In Botan prior to 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
Botan Project Botan
7.5
CVSSv3
CVE-2017-7252
bcrypt password hashing in Botan prior to 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for malicious users to determine the cleartext password.
Botan Project Botan
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »