Vulnerabilities > Botan Project > Botan > 1.11.22

DATE | CVE | VULNERABILITY TITLE | RISK

2016-05-13 | CVE-2016-2195 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | critical 10.0
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
network, low complexity; botan-project, debian; CWE-119

2016-05-13 | CVE-2016-2194 | Improper Input Validation vulnerability in multiple products | 5.0
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
network, low complexity; debian, botan-project; CWE-20