CVE - CVE-2024-34702

CVE-ID
CVE-2024-34702	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e URL:https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e MISC:https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac URL:https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac MISC:https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1 URL:https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1 MISC:https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf URL:https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf MISC:https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41 URL:https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41 MISC:https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8 URL:https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8 MISC:https://github.com/randombit/botan/pull/4034 URL:https://github.com/randombit/botan/pull/4034 MISC:https://github.com/randombit/botan/pull/4045 URL:https://github.com/randombit/botan/pull/4045 MISC:https://github.com/randombit/botan/pull/4047 URL:https://github.com/randombit/botan/pull/4047 MISC:https://github.com/randombit/botan/pull/4052 URL:https://github.com/randombit/botan/pull/4052 MISC:https://github.com/randombit/botan/pull/4186 URL:https://github.com/randombit/botan/pull/4186 MISC:https://github.com/randombit/botan/pull/4187 URL:https://github.com/randombit/botan/pull/4187 MISC:https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j URL:https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20240507	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240507)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.