Vulnerabilities > Botan Project

DATE CVE VULNERABILITY TITLE RISK
2016-05-13 CVE-2016-2195 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
network
low complexity
botan-project debian CWE-119
critical
9.8
2016-05-13 CVE-2016-2194 Improper Input Validation vulnerability in multiple products
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
network
low complexity
debian botan-project CWE-20
7.5
2016-05-13 CVE-2015-7827 Information Exposure vulnerability in multiple products
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
network
low complexity
fedoraproject botan-project debian CWE-200
7.5
2016-05-13 CVE-2015-5727 Resource Management Errors vulnerability in multiple products
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
network
low complexity
botan-project debian CWE-399
7.5
2016-05-13 CVE-2015-5726 Improper Input Validation vulnerability in multiple products
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
network
low complexity
botan-project debian CWE-20
7.5
2016-05-13 CVE-2014-9742 Cryptographic Issues vulnerability in Botan Project Botan
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
network
low complexity
botan-project CWE-310
7.5