VDB
CVE-2024-39312
CVE-2024-39312
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.
EPSS 0.28% · 51.6th percentile
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.28%
51.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| randombit | botan | 0, 3.0.0, 0 |
| botan_project | botan | 0, 3.0.0, 3.0.0 |
| randombit | botan | >= 3.0.0, < 3.5.0, *, < 2.19.5 |
Timeline
- Jan 21, 1970 Security Advisory
- Jul 8, 2024 CVE Published
- Jul 8, 2024 PoC Published
- Jul 9, 2024 EPSS Score
- Jul 31, 2024 EPSS Score
- Aug 22, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 5, 2024 EPSS Score
- Oct 27, 2024 EPSS Score
- Nov 18, 2024 EPSS Score
- Dec 11, 2024 EPSS Score