rpm package
suse/Botan&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
pkg:rpm/suse/Botan&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14737 | Med | 5.5 | < 1.10.9-4.3.1 | 1.10.9-4.3.1 | Sep 26, 2017 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived | |
| CVE-2017-2801 | Med | 6.5 | < 1.10.9-3.1 | 1.10.9-3.1 | May 24, 2017 | A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server applic | |
| CVE-2016-9132 | Cri | 9.8 | < 1.10.9-3.1 | 1.10.9-3.1 | Jan 30, 2017 | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption | |
| CVE-2016-2849 | Hig | 7.5 | < 1.10.9-3.1 | 1.10.9-3.1 | May 13, 2016 | Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. | |
| CVE-2016-2195 | Cri | 9.8 | < 1.10.9-3.1 | 1.10.9-3.1 | May 13, 2016 | Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | |
| CVE-2016-2194 | Hig | 7.5 | < 1.10.9-3.1 | 1.10.9-3.1 | May 13, 2016 | The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | |
| CVE-2015-7827 | Hig | 7.5 | < 1.10.9-3.1 | 1.10.9-3.1 | May 13, 2016 | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | |
| CVE-2015-5727 | Hig | 7.5 | < 1.10.9-3.1 | 1.10.9-3.1 | May 13, 2016 | The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |
| CVE-2015-5726 | Hig | 7.5 | < 1.10.9-3.1 | 1.10.9-3.1 | May 13, 2016 | The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |
| CVE-2014-9742 | Hig | 7.5 | < 1.10.9-3.1 | 1.10.9-3.1 | May 13, 2016 | The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. |
- affected < 1.10.9-4.3.1fixed 1.10.9-4.3.1
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived
- affected < 1.10.9-3.1fixed 1.10.9-3.1
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server applic
- affected < 1.10.9-3.1fixed 1.10.9-3.1
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption
- affected < 1.10.9-3.1fixed 1.10.9-3.1
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
- affected < 1.10.9-3.1fixed 1.10.9-3.1
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
- affected < 1.10.9-3.1fixed 1.10.9-3.1
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
- affected < 1.10.9-3.1fixed 1.10.9-3.1
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
- affected < 1.10.9-3.1fixed 1.10.9-3.1
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
- affected < 1.10.9-3.1fixed 1.10.9-3.1
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
- affected < 1.10.9-3.1fixed 1.10.9-3.1
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.