Botan Project: >> Botan >> 1.10.10 Security Vulnerabilities
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.057
Published
2016-05-13
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
CVSS Score
7.5
EPSS Score
0.017
Published
2016-05-13
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
CVSS Score
7.5
EPSS Score
0.006
Published
2016-05-13
Page 2