AI Score
Confidence
High
EPSS
Percentile
72.2%
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
botan.randombit.net/security.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html
marc.info/?l=botan-devel&m=145852488622892&w=2
security.gentoo.org/glsa/201701-23