CVE-2024-34702 — Asymmetric Resource Consumption (Amplification) in Botan

CWE-405 — Asymmetric Resource Consumption (Amplification)5 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 36.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Randombit Botan Botan Project Botan Debian Botan

Timeline

PublishedJul 8

Latest updateJun 23

Description

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, c…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/botan< botan 2.19.3+dfsg-1+deb12u1 (bookworm)

▶CVEListV5randombit/botan< 2.19.5+1

▶Debianbotan_project/botan< 2.19.3+dfsg-1+deb12u1+1

▶Ubuntubotan_project/botan< 2.19.1+dfsg-2ubuntu1+esm1+1

🔴Vulnerability Details

OSV

botan vulnerabilities↗2025-06-23

▶

OSV

CVE-2024-34702: Botan is a C++ cryptography library↗2024-07-08

▶

📋Vendor Advisories

Ubuntu

Botan vulnerabilities↗2025-06-23

▶

Debian

CVE-2024-34702: botan - Botan is a C++ cryptography library. X.509 certificates can identify elliptic cu...↗2024

▶