VYPR

rpm package

suse/Botan&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

pkg:rpm/suse/Botan&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Vulnerabilities (10)

  • CVE-2017-14737MedSep 26, 2017
    affected < 1.10.9-4.3.1fixed 1.10.9-4.3.1

    A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived

  • CVE-2017-2801MedMay 24, 2017
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server applic

  • CVE-2016-9132CriJan 30, 2017
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption

  • CVE-2016-2849HigMay 13, 2016
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

  • CVE-2016-2195CriMay 13, 2016
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.

  • CVE-2016-2194HigMay 13, 2016
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

  • CVE-2015-7827HigMay 13, 2016
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

  • CVE-2015-5727HigMay 13, 2016
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.

  • CVE-2015-5726HigMay 13, 2016
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

  • CVE-2014-9742HigMay 13, 2016
    affected < 1.10.9-3.1fixed 1.10.9-3.1

    The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.