CVE-2015-7824

Published: Apr 10, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.

Affected (1)

Products: Botan Project: Botan

Botan Project

1 product

Botan

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Botan Project Botan	Up to 1.11.21

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://botan.randombit.net/security.html#id3

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1311613

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://botan.randombit.net/security.html#id3

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1311613

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

Timeline

No history available yet.