Botan_project Botan
19 CVEs affecting Botan_project Botan. Latest disclosed: 2026-05-27. Critical: 5, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-6878 | Critical | 9.8 | 2017-04-10 | The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors rel… |
CVE-2015-7826 | Critical | 9.8 | 2017-04-10 | botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X… |
CVE-2016-9132 | Critical | 9.8 | 2017-01-30 | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API ca… |
CVE-2016-2196 | Critical | 9.8 | 2016-05-13 | Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrit… |
CVE-2016-2195 | Critical | 9.8 | 2016-05-13 | Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute… |
CVE-2026-44378 | High | 7.5 | 2026-05-27 | Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser… |
CVE-2016-6879 | High | 7.5 | 2017-04-10 | The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more tha… |
CVE-2015-7825 | High | 7.5 | 2017-04-10 | botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption)… |
CVE-2015-7824 | High | 7.5 | 2017-04-10 | botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. |
CVE-2016-2850 | High | 7.5 | 2016-05-13 | Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade att… |
CVE-2016-2849 | High | 7.5 | 2016-05-13 | Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow re… |
CVE-2016-2194 | High | 7.5 | 2016-05-13 | The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified inpu… |
CVE-2015-7827 | High | 7.5 | 2016-05-13 | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to… |
CVE-2015-5727 | High | 7.5 | 2016-05-13 | The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecif… |
CVE-2015-5726 | High | 7.5 | 2016-05-13 | The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty… |
CVE-2014-9742 | High | 7.5 | 2016-05-13 | The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attacke… |
CVE-2017-2801 | Medium | 6.5 | 2017-05-24 | A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate veri… |
CVE-2016-8871 | Medium | 6.2 | 2016-10-28 | In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to r… |
CVE-2017-14737 | Medium | 5.5 | 2017-09-26 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover… |