CVE-2024-34702

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34702
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34702.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-34702
Aliases
  • GHSA-5gg9-hqpr-r58j
Related
Published
2024-07-08T17:15:11Z
Modified
2024-12-05T15:40:30.166958Z
Summary
[none]
Details

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.

References

Affected packages

Alpine:v3.17 / botan

Package

Name
botan
Purl
pkg:apk/alpine/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.5-r0

Affected versions

2.*

2.4.0-r0
2.4.0-r1
2.4.0-r2
2.5.0-r0
2.6.0-r0
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.8.0-r0
2.9.0-r0
2.9.0-r1
2.11.0-r0
2.11.0-r1
2.11.0-r2
2.11.0-r3
2.11.0-r4
2.11.0-r5
2.11.0-r6
2.17.3-r0
2.17.3-r1
2.17.3-r2
2.18.1-r0
2.18.1-r1
2.18.1-r2
2.18.1-r3
2.18.1-r4
2.19.1-r0
2.19.1-r1
2.19.1-r2
2.19.1-r3
2.19.2-r0
2.19.2-r1
2.19.3-r0

Alpine:v3.18 / botan

Package

Name
botan
Purl
pkg:apk/alpine/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.5-r0

Affected versions

2.*

2.4.0-r0
2.4.0-r1
2.4.0-r2
2.5.0-r0
2.6.0-r0
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.8.0-r0
2.9.0-r0
2.9.0-r1
2.11.0-r0
2.11.0-r1
2.11.0-r2
2.11.0-r3
2.11.0-r4
2.11.0-r5
2.11.0-r6
2.17.3-r0
2.17.3-r1
2.17.3-r2
2.18.1-r0
2.18.1-r1
2.18.1-r2
2.18.1-r3
2.18.1-r4
2.19.1-r0
2.19.1-r1
2.19.1-r2
2.19.1-r3
2.19.2-r0
2.19.2-r1
2.19.3-r0
2.19.3-r1
2.19.3-r2
2.19.3-r3

Alpine:v3.19 / botan

Package

Name
botan
Purl
pkg:apk/alpine/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.5-r0

Affected versions

2.*

2.4.0-r0
2.4.0-r1
2.4.0-r2
2.5.0-r0
2.6.0-r0
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.8.0-r0
2.9.0-r0
2.9.0-r1
2.11.0-r0
2.11.0-r1
2.11.0-r2
2.11.0-r3
2.11.0-r4
2.11.0-r5
2.11.0-r6
2.17.3-r0
2.17.3-r1
2.17.3-r2
2.18.1-r0
2.18.1-r1
2.18.1-r2
2.18.1-r3
2.18.1-r4
2.19.1-r0
2.19.1-r1
2.19.1-r2
2.19.1-r3
2.19.2-r0
2.19.2-r1
2.19.3-r0
2.19.3-r1
2.19.3-r2
2.19.3-r3
2.19.3-r4
2.19.3-r5

Alpine:v3.20 / botan

Package

Name
botan
Purl
pkg:apk/alpine/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.5-r0

Affected versions

2.*

2.4.0-r0
2.4.0-r1
2.4.0-r2
2.5.0-r0
2.6.0-r0
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.8.0-r0
2.9.0-r0
2.9.0-r1
2.11.0-r0
2.11.0-r1
2.11.0-r2
2.11.0-r3
2.11.0-r4
2.11.0-r5
2.11.0-r6
2.17.3-r0
2.17.3-r1
2.17.3-r2
2.18.1-r0
2.18.1-r1
2.18.1-r2
2.18.1-r3
2.18.1-r4
2.19.1-r0
2.19.1-r1
2.19.1-r2
2.19.1-r3
2.19.2-r0
2.19.2-r1
2.19.3-r0
2.19.3-r1
2.19.3-r2
2.19.3-r3
2.19.3-r4
2.19.3-r5
2.19.3-r6
2.19.4-r0

Alpine:v3.21 / botan

Package

Name
botan
Purl
pkg:apk/alpine/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.5-r0

Affected versions

2.*

2.4.0-r0
2.4.0-r1
2.4.0-r2
2.5.0-r0
2.6.0-r0
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.8.0-r0
2.9.0-r0
2.9.0-r1
2.11.0-r0
2.11.0-r1
2.11.0-r2
2.11.0-r3
2.11.0-r4
2.11.0-r5
2.11.0-r6
2.17.3-r0
2.17.3-r1
2.17.3-r2
2.18.1-r0
2.18.1-r1
2.18.1-r2
2.18.1-r3
2.18.1-r4
2.19.1-r0
2.19.1-r1
2.19.1-r2
2.19.1-r3
2.19.2-r0
2.19.2-r1
2.19.3-r0
2.19.3-r1
2.19.3-r2
2.19.3-r3
2.19.3-r4
2.19.3-r5
2.19.3-r6
2.19.4-r0

Alpine:v3.21 / botan3

Package

Name
botan3
Purl
pkg:apk/alpine/botan3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.0-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.2.0-r0
3.2.0-r1
3.2.0-r2
3.4.0-r0

Debian:11 / botan

Package

Name
botan
Purl
pkg:deb/debian/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.17.3+dfsg-2
2.17.3+dfsg-3
2.18.1+dfsg-1
2.18.1+dfsg-2
2.18.1+dfsg-3
2.18.2+dfsg-1
2.19.1+dfsg-1
2.19.1+dfsg-2
2.19.1+dfsg-3
2.19.2+dfsg-1
2.19.3+dfsg-1
2.19.4+dfsg-1
2.19.5+dfsg-1
2.19.5+dfsg-2
2.19.5+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / botan

Package

Name
botan
Purl
pkg:deb/debian/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.19.3+dfsg-1
2.19.4+dfsg-1
2.19.5+dfsg-1
2.19.5+dfsg-2
2.19.5+dfsg-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / botan

Package

Name
botan
Purl
pkg:deb/debian/botan?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.5+dfsg-1

Affected versions

2.*

2.19.3+dfsg-1
2.19.4+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/randombit/botan

Affected ranges

Type
GIT
Repo
https://github.com/randombit/botan
Events

Affected versions

1.*

1.10.0
1.10.0-rc1
1.10.1
1.11.0
1.11.1
1.11.10
1.11.11
1.11.12
1.11.13
1.11.14
1.11.15
1.11.16
1.11.17
1.11.18
1.11.19
1.11.2
1.11.20
1.11.21
1.11.22
1.11.23
1.11.24
1.11.25
1.11.26
1.11.27
1.11.28
1.11.29
1.11.3
1.11.30
1.11.31
1.11.32
1.11.33
1.11.34
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.5.10
1.5.11
1.5.12
1.5.13
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.10
1.7.11
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.2
1.7.20
1.7.21
1.7.22
1.7.23
1.7.24
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.9.0
1.9.1
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14
1.9.15
1.9.16
1.9.17
1.9.18
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9

2.*

2.0.0
2.0.1
2.1.0
2.10.0
2.11.0
2.12.0
2.12.1
2.13.0
2.14.0
2.15.0
2.16.0
2.17.0
2.17.1
2.17.2
2.17.3
2.18.0
2.18.1
2.18.2
2.19.0
2.19.1
2.19.2
2.19.3
2.19.4
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0

3.*

3.0.0
3.0.0-alpha0
3.0.0-alpha1
3.0.0-rc1
3.1.0
3.1.1
3.2.0
3.3.0
3.4.0