Vulnerabilities > Botan Project

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2017-7252 Cleartext Transmission of Sensitive Information vulnerability in Botan Project Botan
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
network
low complexity
botan-project CWE-319
7.5
2022-11-27 CVE-2022-43705 Improper Certificate Validation vulnerability in Botan Project Botan
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error.
network
low complexity
botan-project CWE-295
critical
9.1
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project fedoraproject mozilla CWE-327
5.9
2021-02-22 CVE-2021-24115 Unspecified vulnerability in Botan Project Botan
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
network
low complexity
botan-project
7.5
2019-03-08 CVE-2018-20187 Key Management Errors vulnerability in Botan Project Botan
A side-channel issue was discovered in Botan before 2.9.0.
4.3
2018-06-15 CVE-2018-12435 Information Exposure vulnerability in Botan Project Botan 2.5.0/2.6.0/2.7.0
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp.
1.9
2018-04-12 CVE-2018-9860 Off-by-one Error vulnerability in Botan Project Botan
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0.
network
low complexity
botan-project CWE-193
5.0
2018-04-02 CVE-2018-9127 Improper Certificate Validation vulnerability in Botan Project Botan 2.2.0/2.3.0/2.4.0
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match.
network
low complexity
botan-project CWE-295
7.5
2017-09-26 CVE-2017-14737 A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD.
local
low complexity
botan-project debian
2.1
2017-05-24 CVE-2017-2801 Out-of-bounds Read vulnerability in Botan Project Botan 2.0.1
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse.
network
low complexity
botan-project CWE-125
7.5