9 results (0.036 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5. • https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86 • CWE-295: Improper Certificate Validation •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5. • https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1 https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41 https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8 https://github.com/randombit/botan/pull/4034 https://github.com/randombit/botan& • CWE-405: Asymmetric Resource Consumption (Amplification) •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. • https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4 https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7 • CWE-405: Asymmetric Resource Consumption (Amplification) CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). En Botan anterior a 2.19.3, es posible falsificar respuestas OCSP debido a un error de verificación de certificado. Este problema se introdujo en Botan 1.11.34 (noviembre de 2016). • https://github.com/randombit/botan/releases/tag/2.19.3 https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w • CWE-295: Improper Certificate Validation •

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. Una implementación de ElGamal en Botan versiones hasta 2.18.1, tal y como se usa en Thunderbird y otros productos, permite una recuperación de texto plano porque, durante la interacción entre dos bibliotecas criptográficas, una determinada combinación peligrosa del primo definido por la clave pública del receptor, el generador definido por la clave pública del receptor y los exponentes efímeros del emisor puede conllevar a un ataque de configuración cruzada contra OpenPGP. • https://eprint.iacr.org/2021/923 https://github.com/randombit/botan/pull/2790 https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72NB4OLD3VHJC3YF3PEP2HKF6BYURPAO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPHGYWNJQKWLTUWBNSFB4F66MQDIL3IB https://security • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •