VYPR

rpm package

suse/Botan&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/Botan&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (2)

  • CVE-2016-9132 (Critical), Jan 30, 2017
    affected: < 1.6.5-4.1; fixed: 1.6.5-4.1

    In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption

  • CVE-2015-7827 (High), May 13, 2016
    affected: < 1.6.5-4.1; fixed: 1.6.5-4.1

    Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.