CPE-CC6C5E2F-ADBB-47F7-A6F7-6F680EC5453C Detail

CPE Details

Botan Project Botan 2.6.0

Vendor

botan_project

Product

botan

Version

2.6.0

Created

2018-05-16
14h29 +00:00

Modified

2018-05-16
14h29 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:botan_project:botan:2.6.0:::::::*

Informations

Vendor

botan_project

Product

botan

Version

2.6.0

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-43705	2022-11-26 23h00 +00:00	In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).	9.1	Critical
CVE-2021-40529	2021-09-06 16h45 +00:00	The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.	5.9	Medium
CVE-2021-24115	2021-02-22 00h57 +00:00	In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).	9.8	Critical
CVE-2018-20187	2019-03-08 18h00 +00:00	A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.	5.9	Medium
CVE-2018-12435	2018-06-15 00h00 +00:00	Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.	5.9	Medium

Botan Project Botan 2.6.0

CPE Details

CPE Name: cpe:2.3:a:botan_project:botan:2.6.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:botan_project:botan:2.6.0:::::::*