UBUNTU-CVE-2024-34702

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-34702

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34702.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-34702

Related

CVE-2024-34702

Published

2024-07-08T17:15:00Z

Modified

2024-10-15T14:14:11Z

Summary

[none]

Details

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.

References

Affected packages

Ubuntu:Pro:18.04:LTS / botan

Package

Name: botan
Purl: pkg:deb/ubuntu/botan?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.0-3

2.4.0-4

2.4.0-5ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / botan

Package

Name: botan
Purl: pkg:deb/ubuntu/botan?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.0-2

2.9.0-2build1

2.12.1-2

2.12.1-2build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / botan

Package

Name: botan
Purl: pkg:deb/ubuntu/botan?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.17.3+dfsg-3

2.19.1+dfsg-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / botan

Package

Name: botan
Purl: pkg:deb/ubuntu/botan?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.19.3+dfsg-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / botan

Package

Name: botan
Purl: pkg:deb/ubuntu/botan?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.19.3+dfsg-1ubuntu1

2.19.3+dfsg-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}