Skip to main content

Fedora CVE-2015-7827

HIGH
Information Exposure (CWE-200)
2016-05-13 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 13, 2016 - 14:59 cve.org
HIGH 7.5

DescriptionCVE.org

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

AnalysisAI

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. Affected products include: Fedoraproject Fedora, Botan Project Botan, Debian Debian Linux. Version information: before 1.10.13.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Botan

View all
CVE-2016-2195 CRITICAL
9.8 May 13

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers t

CVE-2016-2196 CRITICAL
9.8 May 13

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cau

CVE-2017-2801 MEDIUM POC
6.5 May 24

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string compariso

CVE-2024-50383 MEDIUM POC
5.9 Oct 23

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/d

CVE-2024-50382 MEDIUM POC
5.9 Oct 23

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils

CVE-2021-40529 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery

CVE-2018-12435 MEDIUM POC
5.9 Jun 15

Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of

CVE-2015-7826 CRITICAL
9.8 Apr 10

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers t

CVE-2016-6878 CRITICAL
9.8 Apr 10

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to

CVE-2016-9132 CRITICAL
9.8 Jan 30

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect l

CVE-2021-24115 CRITICAL
9.8 Feb 22

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, ba

CVE-2018-9127 CRITICAL
9.8 Apr 02

Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as v

Share

CVE-2015-7827 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy