Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201701-23
HistoryJan 11, 2017 - 12:00 a.m.

Botan: Multiple vulnerabilities

2017-01-1100:00:00
Gentoo Foundation
security.gentoo.org
35

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.006

Percentile

79.2%

JSON

Background

Botan (Japanese for peony) is a cryptography library written in C++11.

Description

Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might obtain ECDSA secret keys via a timing side-channel attack or could possibly bypass TLS policy.

Workaround

There is no known workaround at this time.

Resolution

All Botan users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/botan-1.10.13"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/botan< 1.10.13UNKNOWN

Related

archlinux 1
nessus 6
openvas 6
fedora 3
ubuntucve 2
cvelist 2
debiancve 2
prion 2
ibm 1
cve 2
nvd 2
mageia 1
freebsd 1
debian 3
osv 3
archlinux
archlinux
botan: multiple issues
2016-03-24 00:00:00
nessus
nessus
GLSA-201701-23 : Botan: Multiple vulnerabilities
2017-01-12 00:00:00
Fedora 24 : botan-1.10.13-1.fc24 (2016-a545f81683)
2016-05-09 00:00:00
FreeBSD : botan -- multiple vulnerabilities (ac0900df-31d0-11e6-8e82-002590263bf5)
2016-06-14 00:00:00
openvas
openvas
Fedora Update for botan FEDORA-2016-fe0d8f126a
2016-06-08 00:00:00
Fedora Update for botan FEDORA-2016-f2aae0dbc5
2016-06-08 00:00:00
Mageia: Security Advisory (MGASA-2016-0208)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: botan-1.10.13-1.fc23
2016-05-15 05:36:49
[SECURITY] Fedora 24 Update: botan-1.10.13-1.fc24
2016-05-07 12:21:54
[SECURITY] Fedora 22 Update: botan-1.10.13-1.fc22
2016-05-16 14:57:35
ubuntucve
ubuntucve
CVE-2016-2849
2016-05-13 00:00:00
CVE-2016-2850
2016-05-13 00:00:00
cvelist
cvelist
CVE-2016-2849
2016-05-13 14:00:00
CVE-2016-2850
2016-05-13 14:00:00
debiancve
debiancve
CVE-2016-2849
2016-05-13 14:59:00
CVE-2016-2850
2016-05-13 14:59:00
prion
prion
Code injection
2016-05-13 14:59:00
Code injection
2016-05-13 14:59:00
ibm
ibm
Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients (CVE-2016-2849).
2019-10-18 03:10:29
cve
cve
CVE-2016-2850
2016-05-13 14:59:11
CVE-2016-2849
2016-05-13 14:59:10
nvd
nvd
CVE-2016-2850
2016-05-13 14:59:11
CVE-2016-2849
2016-05-13 14:59:10
mageia
mageia
Updated botan packages fix security vulnerabilities
2016-05-29 16:55:26
freebsd
freebsd
botan -- multiple vulnerabilities
2016-04-28 00:00:00
debian
debian
[SECURITY] [DSA 3565-1] botan1.10 security update
2016-05-02 13:02:16
[SECURITY] [DSA 3565-1] botan1.10 security update
2016-05-02 13:02:16
[SECURITY] [DLA 449-1] botan1.10 security update
2016-04-30 11:48:27
osv
osv
botan1.10 - security update
2016-05-02 00:00:00
libbotan-1_10-1-1.10.13-1.1 on GA media
2024-06-15 00:00:00
botan1.10 - security update
2016-04-30 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.006

Percentile

79.2%

JSON
Related for GLSA-201701-23
archlinux1nessus6openvas6fedora3ubuntucve2cvelist2debiancve2prion2ibm1cve2nvd2mageia1freebsd1debian3osv3