What is CVE-2016-2850?

CVE-2016-2850 is a high-severity vulnerability in Botan_project Botan, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2016-05-13.

How severe is CVE-2016-2850?

High severity. CVSS v3 base score is 7.5 out of 10.

Improper input validation in Botan_project Botan

CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (63.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Botan_project Botan — versions 1.11.0, 1.11.1, 1.11.2
Fedoraproject Fedora — versions 24
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[botan-devel] 20160321 Botan 1.11.29 released (Vendor Advisory, mailing-list, x_refsource_MLIST)
FEDORA-2016-a545f81683 (x_refsource_FEDORA, vendor-advisory)
GLSA-201701-23 (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-2850?: CVE-2016-2850 is a high-severity vulnerability in Botan_project Botan, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2016-05-13.
How severe is CVE-2016-2850?: High severity. CVSS v3 base score is 7.5 out of 10.