CVE-2016-2850

Опубликовано: 13 мая 2016

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Релиз	Статус	Примечание
devel	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	not-affected
precise	not-affected
trusty	not-affected
trusty/esm	not-affected
upstream	needs-triage
vivid/stable-phone-overlay	DNE
vivid/ubuntu-core	DNE
wily	not-affected

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2016-2850

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2016-2850

CVSS3: 7.5

nvd

больше 9 лет назад

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

CVE-2016-2850

CVSS3: 7.5

debian

больше 9 лет назад

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signat ...

GHSA-q2v2-6g2j-qv56

CVSS3: 7.5

github

больше 3 лет назад

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2016-2850

Описание

Пакет botan1.10

Ссылки на источники

Связанные уязвимости