Vulnerabilities > Botan Project > Botan > 2.17.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-27 | CVE-2022-43705 | Improper Certificate Validation vulnerability in Botan Project Botan In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. | 9.1 |
| 2021-09-06 | CVE-2021-40529 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |