Max CVSS | 7.8 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-12435 | 1.9 |
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key,
|
22-08-2018 - 19:57 | 15-06-2018 - 02:29 | |
CVE-2016-6879 | 5.0 |
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
|
15-04-2017 - 01:00 | 10-04-2017 - 15:59 | |
CVE-2016-6878 | 7.5 |
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.
|
15-04-2017 - 00:58 | 10-04-2017 - 15:59 | |
CVE-2015-7824 | 5.0 |
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
|
15-04-2017 - 00:42 | 10-04-2017 - 15:59 | |
CVE-2015-7825 | 7.8 |
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. <a href="http://cwe.mitre.org/data/
|
15-04-2017 - 00:41 | 10-04-2017 - 15:59 | |
CVE-2015-7826 | 7.5 |
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example
|
15-04-2017 - 00:40 | 10-04-2017 - 15:59 | |
CVE-2016-8871 | 2.1 |
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.
|
29-11-2016 - 19:20 | 28-10-2016 - 15:59 |