Every CVE whose affected-product data names Botan Project Botan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2016-2195 — CVSS 9.8 (critical): Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory…
CVE-2016-6878 — CVSS 9.8 (critical): The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified…
CVE-2016-2196 — CVSS 9.8 (critical): Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of…
CVE-2015-7826 — CVSS 9.8 (critical): botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified…
CVE-2021-24115 — CVSS 9.8 (critical): In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and…
CVE-2018-9127 — CVSS 9.8 (critical): Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames…
CVE-2016-9132 — CVSS 9.8 (critical): In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be…
CVE-2026-34582 — CVSS 9.1 (critical): Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed…
CVE-2022-43705 — CVSS 9.1 (critical): In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan…
CVE-2026-32877 — CVSS 8.2 (high): Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the…
CVE-2017-7252 — CVSS 7.5 (high): bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes…
CVE-2014-9742 — CVSS 7.5 (high): The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it…
CVE-2015-5726 — CVSS 7.5 (high): The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application…
CVE-2015-5727 — CVSS 7.5 (high): The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory…
CVE-2015-7824 — CVSS 7.5 (high): botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC…
CVE-2015-7825 — CVSS 7.5 (high): botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and…
CVE-2015-7827 — CVSS 7.5 (high): Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time…
CVE-2016-2194 — CVSS 7.5 (high): The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop)…
CVE-2016-2849 — CVSS 7.5 (high): Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k…
CVE-2016-2850 — CVSS 7.5 (high): Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to…
CVE-2016-6879 — CVSS 7.5 (high): The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging…
CVE-2018-9860 — CVSS 7.5 (high): An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could…
CVE-2026-34580 — CVSS 7.5 (high): Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return…
CVE-2026-44378 — CVSS 7.5 (high): Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic…
CVE-2017-2801 — CVSS 6.5 (medium): A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead…
CVE-2016-8871 — CVSS 6.2 (medium): In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient…
CVE-2024-50383 — CVSS 5.9 (medium): Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in…
CVE-2021-40529 — CVSS 5.9 (medium): The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during…
CVE-2024-50382 — CVSS 5.9 (medium): Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in…
CVE-2018-20187 — CVSS 5.9 (medium): A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation…
CVE-2018-12435 — CVSS 5.9 (medium): Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number…
CVE-2026-32883 — CVSS 5.9 (medium): Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked…
CVE-2026-32884 — CVSS 5.9 (medium): Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which…
CVE-2017-14737 — CVSS 5.5 (medium): A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local…
CVE-2024-39312 — CVSS 5.3 (medium): Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit…