Botan Project

Botan

29 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2024-50383

Exploit
  • EPSS 0.16%
  • Published 23.10.2024 17:15:19
  • Last modified 10.07.2025 19:26:45

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed fo...

5.9

CVE-2024-50382

Exploit
  • EPSS 0.16%
  • Published 23.10.2024 17:15:19
  • Last modified 10.07.2025 19:23:04

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RI...

5.3

CVE-2024-39312

  • EPSS 0.29%
  • Published 08.07.2024 17:15:11
  • Last modified 11.04.2025 14:09:48

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that i...

7.5

CVE-2017-7252

  • EPSS 0.09%
  • Published 03.11.2023 01:15:07
  • Last modified 21.11.2024 03:31:28

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

9.1

CVE-2022-43705

  • EPSS 0.11%
  • Published 27.11.2022 04:15:10
  • Last modified 25.04.2025 20:15:32

In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).

5.9

CVE-2021-40529

Exploit
  • EPSS 0.28%
  • Published 06.09.2021 19:15:07
  • Last modified 21.11.2024 06:24:20

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the rece...

9.8

CVE-2021-24115

  • EPSS 0.71%
  • Published 22.02.2021 02:15:14
  • Last modified 21.11.2024 05:52:23

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).

5.9

CVE-2018-20187

  • EPSS 0.52%
  • Published 08.03.2019 19:29:00
  • Last modified 21.11.2024 04:01:02

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public ...

5.9

CVE-2018-12435

Exploit
  • EPSS 0.15%
  • Published 15.06.2018 02:29:00
  • Last modified 21.11.2024 03:45:12

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, ...

7.5

CVE-2018-9860

  • EPSS 0.5%
  • Published 12.04.2018 05:29:00
  • Last modified 21.11.2024 04:15:49

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffe...