botan project botan

34 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-34582
>= 3.0.0 and <= 3.11.0
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be pro
9.1 CRITICAL
CVE-2026-34580
all versions
Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would
7.5 HIGH
CVE-2026-32884
< 3.11.0
Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraint
5.9 MEDIUM
CVE-2026-32883
>= 3.0.0 and < 3.11.0
Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were
5.9 MEDIUM
CVE-2026-32877
>= 2.3.0 and < 3.11.0
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the
8.2 HIGH
CVE-2024-50383
< 3.6.0
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h
5.9 MEDIUM
CVE-2024-50382
< 3.6.0
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/gha
5.9 MEDIUM
CVE-2024-39312
< 2.19.5
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using ex
5.3 MEDIUM
CVE-2017-7252
>= 1.11.0 and < 2.1.0
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, whic
7.5 HIGH
CVE-2022-43705
>= 1.11.34 and < 2.19.3
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced
9.1 CRITICAL
CVE-2021-40529
<= 2.18.1
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because,
5.9 MEDIUM
CVE-2021-24115
< 2.17.3
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base
9.8 CRITICAL
CVE-2018-20187
< 2.9.0
A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key g
5.9 MEDIUM
CVE-2018-12435
>= 2.5.0 and <= 2.7.0
Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden
5.9 MEDIUM
CVE-2018-9860
>= 1.11.32 and < 2.6.0
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertex
7.5 HIGH
CVE-2018-9127
>= 2.2.0 and <= 2.4.0
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for h
9.8 CRITICAL
CVE-2017-14737
<= 1.10.16
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allow
5.5 MEDIUM
CVE-2017-2801
all versions
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which c
6.5 MEDIUM
CVE-2016-6879
all versions
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by le
7.5 HIGH
CVE-2016-6878
<= 1.11.30
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspe
9.8 CRITICAL
CVE-2015-7826
<= 1.11.21
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have uns
9.8 CRITICAL
CVE-2015-7825
<= 1.11.21
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite
7.5 HIGH
CVE-2015-7824
<= 1.11.21
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack agains
7.5 HIGH
CVE-2016-9132
all versions
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length fiel
9.8 CRITICAL
CVE-2016-8871
all versions
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given su
6.2 MEDIUM
CVE-2016-2850
all versions
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attac
7.5 HIGH
CVE-2016-2849
all versions
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature
7.5 HIGH
CVE-2016-2196
all versions
Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denia
9.8 CRITICAL
CVE-2016-2195
<= 1.10.10
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrit
9.8 CRITICAL
CVE-2016-2194
<= 1.10.10
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infini
7.5 HIGH
CVE-2015-7827
<= 1.10.13
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring
7.5 HIGH
CVE-2015-5727
all versions
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (mem
7.5 HIGH
CVE-2015-5726
all versions
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (app
7.5 HIGH
CVE-2014-9742
<= 1.10.7
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin