Vulnerabilities > Botan Project > Botan > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-27 | CVE-2022-43705 | Improper Certificate Validation vulnerability in Botan Project Botan In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. | 9.1 |
| 2021-09-06 | CVE-2021-40529 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
| 2021-02-22 | CVE-2021-24115 | Unspecified vulnerability in Botan Project Botan In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex). | 7.5 |
| 2019-03-08 | CVE-2018-20187 | Key Management Errors vulnerability in Botan Project Botan A side-channel issue was discovered in Botan before 2.9.0. | 4.3 |
| 2018-04-12 | CVE-2018-9860 | Off-by-one Error vulnerability in Botan Project Botan An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. | 5.0 |
| 2018-04-02 | CVE-2018-9127 | Improper Certificate Validation vulnerability in Botan Project Botan 2.2.0/2.3.0/2.4.0 Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. | 7.5 |
| 2017-09-26 | CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. | 2.1 |