Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-05-13T14:00:00

Updated: 2024-08-05T23:32:21.226Z

Reserved: 2016-03-06T00:00:00

Link: CVE-2016-2850

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-05-13T14:59:11.743

Modified: 2024-11-21T02:48:56.497

Link: CVE-2016-2850

cve-icon Redhat

No data.