CVE-2016-6879 — Project Botan vulnerability

CWE-3202 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 59.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Botan Project Botan

Timeline

PublishedApr 10

Latest updateMay 17

Description

The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDbotan_project/botan31 versions+30

🔴Vulnerability Details

GHSA

GHSA-7rqp-c4g7-r3f5: The X509_Certificate::allowed_usage function in botan 1↗2022-05-17

▶