Vulnerabilities > Botan Project > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2017-7252 | Cleartext Transmission of Sensitive Information vulnerability in Botan Project Botan bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. | 7.5 |
| 2018-04-12 | CVE-2018-9860 | Off-by-one Error vulnerability in Botan Project Botan An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. | 7.5 |
| 2017-04-10 | CVE-2016-6879 | Key Management Errors vulnerability in Botan Project Botan The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | 7.5 |
| 2017-04-10 | CVE-2015-7825 | Unspecified vulnerability in Botan Project Botan botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | 7.5 |
| 2017-04-10 | CVE-2015-7824 | Information Exposure vulnerability in Botan Project Botan botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. | 7.5 |
| 2016-05-13 | CVE-2016-2850 | Improper Input Validation vulnerability in multiple products Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | 7.5 |
| 2016-05-13 | CVE-2016-2849 | Information Exposure vulnerability in multiple products Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. | 7.5 |
| 2016-05-13 | CVE-2016-2194 | Improper Input Validation vulnerability in multiple products The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | 7.5 |
| 2016-05-13 | CVE-2015-7827 | Information Exposure vulnerability in multiple products Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | 7.5 |
| 2016-05-13 | CVE-2015-5727 | Resource Management Errors vulnerability in multiple products The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | 7.5 |