Vulnerabilities > Botan Project

DATE CVE VULNERABILITY TITLE RISK
2021-02-22 CVE-2021-24115 Unspecified vulnerability in Botan Project Botan
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
network
low complexity
botan-project
7.5
2019-03-08 CVE-2018-20187 KEY Management Errors vulnerability in Botan Project Botan
A side-channel issue was discovered in Botan before 2.9.0.
4.3
2018-06-15 CVE-2018-12438 Information Exposure vulnerability in multiple products
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
1.9
2018-06-15 CVE-2018-12437 Information Exposure vulnerability in multiple products
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
1.9
2018-06-15 CVE-2018-12435 Information Exposure vulnerability in Botan Project Botan 2.5.0/2.6.0/2.7.0
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp.
1.9
2018-06-15 CVE-2018-12433 Information Exposure vulnerability in multiple products
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
1.9
2018-04-12 CVE-2018-9860 Off-By-One Error vulnerability in Botan Project Botan
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0.
network
low complexity
botan-project CWE-193
5.0
2018-04-02 CVE-2018-9127 Improper Certificate Validation vulnerability in Botan Project Botan 2.2.0/2.3.0/2.4.0
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match.
network
low complexity
botan-project CWE-295
7.5
2017-09-26 CVE-2017-14737 Unspecified vulnerability in Botan Project Botan
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD.
local
low complexity
botan-project
2.1
2017-05-24 CVE-2017-2801 Out-Of-Bounds Read vulnerability in Botan Project Botan 2.0.1
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse.
network
low complexity
botan-project CWE-125
7.5