Vulnerabilities > Botan Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-13 | CVE-2016-2195 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | 9.8 |
2016-05-13 | CVE-2016-2194 | Improper Input Validation vulnerability in multiple products The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | 7.5 |
2016-05-13 | CVE-2015-7827 | Information Exposure vulnerability in multiple products Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | 7.5 |
2016-05-13 | CVE-2015-5727 | Resource Management Errors vulnerability in multiple products The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | 7.5 |
2016-05-13 | CVE-2015-5726 | Improper Input Validation vulnerability in multiple products The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | 7.5 |
2016-05-13 | CVE-2014-9742 | Cryptographic Issues vulnerability in Botan Project Botan The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. | 7.5 |