Filtered by vendor Botan Project Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-7826 1 Botan Project 1 Botan 2024-11-21 N/A
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.
CVE-2015-7825 1 Botan Project 1 Botan 2024-11-21 N/A
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
CVE-2015-7824 1 Botan Project 1 Botan 2024-11-21 N/A
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
CVE-2015-5727 2 Botan Project, Debian 2 Botan, Debian Linux 2024-11-21 N/A
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
CVE-2015-5726 2 Botan Project, Debian 2 Botan, Debian Linux 2024-11-21 N/A
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
CVE-2014-9742 1 Botan Project 1 Botan 2024-11-21 N/A
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
CVE-2024-50383 1 Botan Project 1 Botan 2024-10-25 5.9 Medium
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i386. (Only 32-bit processors can be affected.)
CVE-2024-50382 1 Botan Project 1 Botan 2024-10-25 5.9 Medium
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.