VYPR
Get started
← All advisories
High severity7.5NVD Advisory· Published May 13, 2016· Updated May 6, 2026

CVE-2016-2850

CVE-2016-2850

Description

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Affected products

30
  • Botan Project/Botan29 versions
    cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*
    • cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*
  • Fedoraproject/Fedora
    cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.