
CVE-2016-2850

Published: 13 May 2016

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Notes

Author    Note
mdeslaur  introduced in 1.11.0

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: botan1.10 (Launchpad, Ubuntu, Debian)

Release   Status
precise   Not vulnerable
trusty    Does not exist (trusty was not-affected)
upstream  Needs triage
wily      Not vulnerable
xenial    Not vulnerable