Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9742 | 1 Botan Project | 1 Botan | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. | |||||
CVE-2015-5727 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||||
CVE-2016-2849 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. | |||||
CVE-2016-2194 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | |||||
CVE-2015-5726 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. |