Vulnerabilities > Botan Project

DATE CVE VULNERABILITY TITLE RISK
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Botan Project Botan
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project CWE-327
2.6
2021-02-22 CVE-2021-24115 Unspecified vulnerability in Botan Project Botan
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
network
low complexity
botan-project
7.5
2019-03-08 CVE-2018-20187 Key Management Errors vulnerability in Botan Project Botan
A side-channel issue was discovered in Botan before 2.9.0.
4.3
2018-06-15 CVE-2018-12435 Information Exposure vulnerability in Botan Project Botan 2.5.0/2.6.0/2.7.0
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp.
1.9
2018-04-12 CVE-2018-9860 Off-by-one Error vulnerability in Botan Project Botan
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0.
network
low complexity
botan-project CWE-193
5.0
2018-04-02 CVE-2018-9127 Improper Certificate Validation vulnerability in Botan Project Botan 2.2.0/2.3.0/2.4.0
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match.
network
low complexity
botan-project CWE-295
7.5
2017-09-26 CVE-2017-14737 Unspecified vulnerability in Botan Project Botan
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD.
local
low complexity
botan-project
2.1
2017-05-24 CVE-2017-2801 Out-of-bounds Read vulnerability in Botan Project Botan 2.0.1
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse.
network
low complexity
botan-project CWE-125
7.5
2017-04-10 CVE-2016-6879 Key Management Errors vulnerability in Botan Project Botan
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
network
low complexity
botan-project CWE-320
5.0
2017-04-10 CVE-2016-6878 Improper Input Validation vulnerability in Botan Project Botan
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.
network
low complexity
botan-project CWE-20
7.5