rpm package
opensuse/Botan&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/Botan&distro=openSUSE%20Tumbleweed
Vulnerabilities (21)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35582 | High | 8.8 | | < 3.11.1-1.1 | 3.11.1-1.1 | Apr 18, 2026 | Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The IN_FI |
| CVE-2026-35580 | Critical | 9.1 | | < 3.11.1-1.1 | 3.11.1-1.1 | Apr 7, 2026 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with reposi |
| CVE-2024-50382 | — | | | < 3.6.0-1.1 | 3.6.0-1.1 | Oct 23, 2024 | Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V. |
| CVE-2024-34702 | Medium | 5.3 | | < 2.19.5-1.1 | 2.19.5-1.1 | Jul 8, 2024 | Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and |
| CVE-2024-39312 | — | | | < 2.19.5-1.1 | 2.19.5-1.1 | Jul 8, 2024 | Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both |
| CVE-2024-34703 | High | 7.5 | | < 2.19.5-1.1 | 2.19.5-1.1 | Jun 30, 2024 | Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding wh |
| CVE-2022-43705 | — | | | < 2.19.3-1.1 | 2.19.3-1.1 | Nov 27, 2022 | In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). |
| CVE-2021-40529 | — | | | < 2.18.2-1.1 | 2.18.2-1.1 | Sep 6, 2021 | The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generat |
| CVE-2018-20187 | — | | | < 2.18.1-1.3 | 2.18.1-1.3 | Mar 8, 2019 | A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar u |
| CVE-2018-12435 | Medium | 5.9 | | < 2.18.1-1.3 | 2.18.1-1.3 | Jun 15, 2018 | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to e |
| CVE-2018-9860 | High | 7.5 | | < 2.18.1-1.3 | 2.18.1-1.3 | Apr 12, 2018 | An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC c |
| CVE-2018-9127 | Critical | 9.8 | | < 2.18.1-1.3 | 2.18.1-1.3 | Apr 2, 2018 | Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a |
| CVE-2017-14737 | Medium | 5.5 | | < 2.18.1-1.3 | 2.18.1-1.3 | Sep 26, 2017 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived |
| CVE-2017-2801 | Medium | 6.5 | | < 2.18.1-1.3 | 2.18.1-1.3 | May 24, 2017 | A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server applic |
| CVE-2016-9132 | Critical | 9.8 | | < 2.18.1-1.3 | 2.18.1-1.3 | Jan 30, 2017 | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption |
| CVE-2016-2849 | High | 7.5 | | < 1.10.13-1.1 | 1.10.13-1.1 | May 13, 2016 | Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. |
| CVE-2016-2195 | Critical | 9.8 | | < 1.10.13-1.1 | 1.10.13-1.1 | May 13, 2016 | Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. |
| CVE-2016-2194 | High | 7.5 | | < 1.10.13-1.1 | 1.10.13-1.1 | May 13, 2016 | The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. |
| CVE-2015-7827 | High | 7.5 | | < 1.10.13-1.1 | 1.10.13-1.1 | May 13, 2016 | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. |
| CVE-2015-5727 | High | 7.5 | | < 1.10.13-1.1 | 1.10.13-1.1 | May 13, 2016 | The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. |
Page 1 of 2