VYPR

rpm package

opensuse/Botan&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/Botan&distro=openSUSE%20Leap%2015.5

Vulnerabilities (5)

  • CVE-2024-50383 | Oct 23, 2024
    affected < 2.19.5-bp156.3.6.1, fixed 2.19.5-bp156.3.6.1

    Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS,

  • CVE-2024-50382 | Oct 23, 2024
    affected < 2.19.5-bp156.3.6.1, fixed 2.19.5-bp156.3.6.1

    Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.

  • CVE-2024-34702 | Medium | Jul 8, 2024
    affected < 2.19.5-bp155.2.3.1, fixed 2.19.5-bp155.2.3.1

    Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and

  • CVE-2024-39312 | Jul 8, 2024
    affected < 2.19.5-bp155.2.3.1, fixed 2.19.5-bp155.2.3.1

    Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both

  • CVE-2024-34703 | High | Jun 30, 2024
    affected < 2.19.5-bp155.2.3.1, fixed 2.19.5-bp155.2.3.1

    Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding wh