cvelistv5 - cve-2024-34702

CVE-2024-34702 (GCVE-0-2024-34702)

Vulnerability from cvelistv5 – Published: 2024-07-08 16:22 – Updated: 2024-08-02 02:59

Summary

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/randombit/botan/security/advis…	x_refsource_CONFIRM
	https://github.com/randombit/botan/pull/4034	x_refsource_MISC
	https://github.com/randombit/botan/pull/4045	x_refsource_MISC
	https://github.com/randombit/botan/pull/4047	x_refsource_MISC
	https://github.com/randombit/botan/pull/4052	x_refsource_MISC
	https://github.com/randombit/botan/pull/4186	x_refsource_MISC
	https://github.com/randombit/botan/pull/4187	x_refsource_MISC
	https://github.com/randombit/botan/commit/21dccc8…	x_refsource_MISC
	https://github.com/randombit/botan/commit/39535f1…	x_refsource_MISC
	https://github.com/randombit/botan/commit/477822a…	x_refsource_MISC
	https://github.com/randombit/botan/commit/7606d70…	x_refsource_MISC
	https://github.com/randombit/botan/commit/c326482…	x_refsource_MISC
	https://github.com/randombit/botan/commit/ff704b1…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	randombit	botan	Affected: < 2.19.5 Affected: >= 3.0.0, < 3.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:randombit:botan:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "botan",
            "vendor": "randombit",
            "versions": [
              {
                "lessThan": "3.5.0",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.19.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T17:49:00.765800Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T20:14:23.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j"
          },
          {
            "name": "https://github.com/randombit/botan/pull/4034",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/pull/4034"
          },
          {
            "name": "https://github.com/randombit/botan/pull/4045",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/pull/4045"
          },
          {
            "name": "https://github.com/randombit/botan/pull/4047",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/pull/4047"
          },
          {
            "name": "https://github.com/randombit/botan/pull/4052",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/pull/4052"
          },
          {
            "name": "https://github.com/randombit/botan/pull/4186",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/pull/4186"
          },
          {
            "name": "https://github.com/randombit/botan/pull/4187",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/pull/4187"
          },
          {
            "name": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e"
          },
          {
            "name": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac"
          },
          {
            "name": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1"
          },
          {
            "name": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf"
          },
          {
            "name": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41"
          },
          {
            "name": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "botan",
          "vendor": "randombit",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.19.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-08T16:22:37.770Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j"
        },
        {
          "name": "https://github.com/randombit/botan/pull/4034",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/pull/4034"
        },
        {
          "name": "https://github.com/randombit/botan/pull/4045",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/pull/4045"
        },
        {
          "name": "https://github.com/randombit/botan/pull/4047",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/pull/4047"
        },
        {
          "name": "https://github.com/randombit/botan/pull/4052",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/pull/4052"
        },
        {
          "name": "https://github.com/randombit/botan/pull/4186",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/pull/4186"
        },
        {
          "name": "https://github.com/randombit/botan/pull/4187",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/pull/4187"
        },
        {
          "name": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e"
        },
        {
          "name": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac"
        },
        {
          "name": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1"
        },
        {
          "name": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf"
        },
        {
          "name": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41"
        },
        {
          "name": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8"
        }
      ],
      "source": {
        "advisory": "GHSA-5gg9-hqpr-r58j",
        "discovery": "UNKNOWN"
      },
      "title": "Botan has a Denial of Service Due to Excessive Name Constraints"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34702",
    "datePublished": "2024-07-08T16:22:37.770Z",
    "dateReserved": "2024-05-07T13:53:00.132Z",
    "dateUpdated": "2024-08-02T02:59:22.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.\"}, {\"lang\": \"es\", \"value\": \"Botan es una librer\\u00eda de criptograf\\u00eda C++. Los certificados X.509 pueden identificar curvas el\\u00edpticas utilizando un identificador de objeto o una codificaci\\u00f3n expl\\u00edcita de los par\\u00e1metros. Antes de 3.5.0 y 2.19.5, la verificaci\\u00f3n de las restricciones de nombres en los certificados X.509 era cuadr\\u00e1tica en el n\\u00famero de nombres y restricciones de nombres. Un atacante que presentara una cadena de certificados que contuviera una gran cantidad de nombres en el SubjectAlternativeName, firmado por un certificado de CA que contuviera una gran cantidad de restricciones de nombres, podr\\u00eda provocar una denegaci\\u00f3n de servicio. El problema se solucion\\u00f3 en Botan 3.5.0 y tambi\\u00e9n se aplic\\u00f3 un backport parcial que se incluye en Botan 2.19.5.\"}]",
      "id": "CVE-2024-34702",
      "lastModified": "2024-11-21T09:19:13.673",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-07-08T17:15:11.233",
      "references": "[{\"url\": \"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/pull/4034\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/pull/4045\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/pull/4047\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/pull/4052\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/pull/4186\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/pull/4187\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/pull/4034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/pull/4045\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/pull/4047\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/pull/4052\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/pull/4186\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/pull/4187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-405\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-34702\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-07-08T17:15:11.233\",\"lastModified\":\"2024-11-21T09:19:13.673\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.\"},{\"lang\":\"es\",\"value\":\"Botan es una librer\u00eda de criptograf\u00eda C++. Los certificados X.509 pueden identificar curvas el\u00edpticas utilizando un identificador de objeto o una codificaci\u00f3n expl\u00edcita de los par\u00e1metros. Antes de 3.5.0 y 2.19.5, la verificaci\u00f3n de las restricciones de nombres en los certificados X.509 era cuadr\u00e1tica en el n\u00famero de nombres y restricciones de nombres. Un atacante que presentara una cadena de certificados que contuviera una gran cantidad de nombres en el SubjectAlternativeName, firmado por un certificado de CA que contuviera una gran cantidad de restricciones de nombres, podr\u00eda provocar una denegaci\u00f3n de servicio. El problema se solucion\u00f3 en Botan 3.5.0 y tambi\u00e9n se aplic\u00f3 un backport parcial que se incluye en Botan 2.19.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-405\"}]}],\"references\":[{\"url\":\"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/pull/4034\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/pull/4045\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/pull/4047\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/pull/4052\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/pull/4186\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/pull/4187\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/pull/4034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/pull/4045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/pull/4047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/pull/4052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/pull/4186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/pull/4187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\", \"name\": \"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4034\", \"name\": \"https://github.com/randombit/botan/pull/4034\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4045\", \"name\": \"https://github.com/randombit/botan/pull/4045\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4047\", \"name\": \"https://github.com/randombit/botan/pull/4047\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4052\", \"name\": \"https://github.com/randombit/botan/pull/4052\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4186\", \"name\": \"https://github.com/randombit/botan/pull/4186\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4187\", \"name\": \"https://github.com/randombit/botan/pull/4187\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\", \"name\": \"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\", \"name\": \"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\", \"name\": \"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\", \"name\": \"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\", \"name\": \"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\", \"name\": \"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:59:22.209Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34702\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-08T17:49:00.765800Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:randombit:botan:*:*:*:*:*:*:*:*\"], \"vendor\": \"randombit\", \"product\": \"botan\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.5.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.19.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-08T17:59:30.555Z\"}}], \"cna\": {\"title\": \"Botan has a Denial of Service Due to Excessive Name Constraints\", \"source\": {\"advisory\": \"GHSA-5gg9-hqpr-r58j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"randombit\", \"product\": \"botan\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.19.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.5.0\"}]}], \"references\": [{\"url\": \"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\", \"name\": \"https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4034\", \"name\": \"https://github.com/randombit/botan/pull/4034\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4045\", \"name\": \"https://github.com/randombit/botan/pull/4045\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4047\", \"name\": \"https://github.com/randombit/botan/pull/4047\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4052\", \"name\": \"https://github.com/randombit/botan/pull/4052\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4186\", \"name\": \"https://github.com/randombit/botan/pull/4186\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/pull/4187\", \"name\": \"https://github.com/randombit/botan/pull/4187\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\", \"name\": \"https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\", \"name\": \"https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\", \"name\": \"https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\", \"name\": \"https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\", \"name\": \"https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\", \"name\": \"https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-405\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-08T16:22:37.770Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-34702\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:59:22.209Z\", \"dateReserved\": \"2024-05-07T13:53:00.132Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-08T16:22:37.770Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-34702

Vulnerability from fkie_nvd - Published: 2024-07-08 17:15 - Updated: 2024-11-21 09:19

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e
	security-advisories@github.com	https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac
	security-advisories@github.com	https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1
	security-advisories@github.com	https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf
	security-advisories@github.com	https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41
	security-advisories@github.com	https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8
	security-advisories@github.com	https://github.com/randombit/botan/pull/4034
	security-advisories@github.com	https://github.com/randombit/botan/pull/4045
	security-advisories@github.com	https://github.com/randombit/botan/pull/4047
	security-advisories@github.com	https://github.com/randombit/botan/pull/4052
	security-advisories@github.com	https://github.com/randombit/botan/pull/4186
	security-advisories@github.com	https://github.com/randombit/botan/pull/4187
	security-advisories@github.com	https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/pull/4034
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/pull/4045
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/pull/4047
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/pull/4052
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/pull/4186
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/pull/4187
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5."
    },
    {
      "lang": "es",
      "value": "Botan es una librer\u00eda de criptograf\u00eda C++. Los certificados X.509 pueden identificar curvas el\u00edpticas utilizando un identificador de objeto o una codificaci\u00f3n expl\u00edcita de los par\u00e1metros. Antes de 3.5.0 y 2.19.5, la verificaci\u00f3n de las restricciones de nombres en los certificados X.509 era cuadr\u00e1tica en el n\u00famero de nombres y restricciones de nombres. Un atacante que presentara una cadena de certificados que contuviera una gran cantidad de nombres en el SubjectAlternativeName, firmado por un certificado de CA que contuviera una gran cantidad de restricciones de nombres, podr\u00eda provocar una denegaci\u00f3n de servicio. El problema se solucion\u00f3 en Botan 3.5.0 y tambi\u00e9n se aplic\u00f3 un backport parcial que se incluye en Botan 2.19.5."
    }
  ],
  "id": "CVE-2024-34702",
  "lastModified": "2024-11-21T09:19:13.673",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-08T17:15:11.233",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/pull/4034"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/pull/4045"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/pull/4047"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/pull/4052"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/pull/4186"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/pull/4187"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/pull/4034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/pull/4045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/pull/4047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/pull/4052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/pull/4186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/pull/4187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-405"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

OPENSUSE-SU-2024:0201-1

Vulnerability from csaf_opensuse - Published: 2024-07-16 06:28 - Updated: 2024-07-16 06:28

Summary

Security update for Botan

Notes

Title of the patch

Security update for Botan

Description of the patch

This update for Botan fixes the following issues: Update to 2.19.5: * Fix multiple Denial of service attacks due to X.509 cert processing: * CVE-2024-34702 - boo#1227238 * CVE-2024-34703 - boo#1227607 * CVE-2024-39312 - boo#1227608 * Fix a crash in OCB * Fix a test failure in compression with certain versions of zlib * Fix some iterator debugging errors in TLS CBC decryption. * Avoid a miscompilation in ARIA when using XCode 14

Patchnames

openSUSE-2024-201

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Botan",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for Botan fixes the following issues:\n\nUpdate to 2.19.5:\n\n* Fix multiple Denial of service attacks due to X.509 cert processing:\n* CVE-2024-34702 - boo#1227238\n* CVE-2024-34703 - boo#1227607\n* CVE-2024-39312 - boo#1227608\n* Fix a crash in OCB\n* Fix a test failure in compression with certain versions of zlib \n* Fix some iterator debugging errors in TLS CBC decryption. \n* Avoid a miscompilation in ARIA when using XCode 14 \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2024-201",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0201-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2024:0201-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6IOSLFSD2TJGWL4XB37VIQSVW7SPG2IP/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2024:0201-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6IOSLFSD2TJGWL4XB37VIQSVW7SPG2IP/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227238",
        "url": "https://bugzilla.suse.com/1227238"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227607",
        "url": "https://bugzilla.suse.com/1227607"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227608",
        "url": "https://bugzilla.suse.com/1227608"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-34702 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-34702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-34703 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-34703/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-39312 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-39312/"
      }
    ],
    "title": "Security update for Botan",
    "tracking": {
      "current_release_date": "2024-07-16T06:28:15Z",
      "generator": {
        "date": "2024-07-16T06:28:15Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:0201-1",
      "initial_release_date": "2024-07-16T06:28:15Z",
      "revision_history": [
        {
          "date": "2024-07-16T06:28:15Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-2.19.5-bp155.2.3.1.aarch64",
                "product": {
                  "name": "Botan-2.19.5-bp155.2.3.1.aarch64",
                  "product_id": "Botan-2.19.5-bp155.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
                "product": {
                  "name": "libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
                  "product_id": "libbotan-2-19-2.19.5-bp155.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
                "product": {
                  "name": "libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
                  "product_id": "libbotan-devel-2.19.5-bp155.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-bp155.2.3.1.aarch64",
                "product": {
                  "name": "python3-botan-2.19.5-bp155.2.3.1.aarch64",
                  "product_id": "python3-botan-2.19.5-bp155.2.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
                "product": {
                  "name": "libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
                  "product_id": "libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
                "product": {
                  "name": "libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
                  "product_id": "libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-2.19.5-bp155.2.3.1.i586",
                "product": {
                  "name": "Botan-2.19.5-bp155.2.3.1.i586",
                  "product_id": "Botan-2.19.5-bp155.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-bp155.2.3.1.i586",
                "product": {
                  "name": "libbotan-2-19-2.19.5-bp155.2.3.1.i586",
                  "product_id": "libbotan-2-19-2.19.5-bp155.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-bp155.2.3.1.i586",
                "product": {
                  "name": "libbotan-devel-2.19.5-bp155.2.3.1.i586",
                  "product_id": "libbotan-devel-2.19.5-bp155.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-bp155.2.3.1.i586",
                "product": {
                  "name": "python3-botan-2.19.5-bp155.2.3.1.i586",
                  "product_id": "python3-botan-2.19.5-bp155.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-doc-2.19.5-bp155.2.3.1.noarch",
                "product": {
                  "name": "Botan-doc-2.19.5-bp155.2.3.1.noarch",
                  "product_id": "Botan-doc-2.19.5-bp155.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-2.19.5-bp155.2.3.1.ppc64le",
                "product": {
                  "name": "Botan-2.19.5-bp155.2.3.1.ppc64le",
                  "product_id": "Botan-2.19.5-bp155.2.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
                "product": {
                  "name": "libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
                  "product_id": "libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
                "product": {
                  "name": "libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
                  "product_id": "libbotan-devel-2.19.5-bp155.2.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-bp155.2.3.1.ppc64le",
                "product": {
                  "name": "python3-botan-2.19.5-bp155.2.3.1.ppc64le",
                  "product_id": "python3-botan-2.19.5-bp155.2.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-2.19.5-bp155.2.3.1.s390x",
                "product": {
                  "name": "Botan-2.19.5-bp155.2.3.1.s390x",
                  "product_id": "Botan-2.19.5-bp155.2.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
                "product": {
                  "name": "libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
                  "product_id": "libbotan-2-19-2.19.5-bp155.2.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-bp155.2.3.1.s390x",
                "product": {
                  "name": "libbotan-devel-2.19.5-bp155.2.3.1.s390x",
                  "product_id": "libbotan-devel-2.19.5-bp155.2.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-bp155.2.3.1.s390x",
                "product": {
                  "name": "python3-botan-2.19.5-bp155.2.3.1.s390x",
                  "product_id": "python3-botan-2.19.5-bp155.2.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-2.19.5-bp155.2.3.1.x86_64",
                "product": {
                  "name": "Botan-2.19.5-bp155.2.3.1.x86_64",
                  "product_id": "Botan-2.19.5-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
                "product": {
                  "name": "libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
                  "product_id": "libbotan-2-19-2.19.5-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
                "product": {
                  "name": "libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
                  "product_id": "libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
                "product": {
                  "name": "libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
                  "product_id": "libbotan-devel-2.19.5-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
                "product": {
                  "name": "libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
                  "product_id": "libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-bp155.2.3.1.x86_64",
                "product": {
                  "name": "python3-botan-2.19.5-bp155.2.3.1.x86_64",
                  "product_id": "python3-botan-2.19.5-bp155.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP5",
                "product": {
                  "name": "SUSE Package Hub 15 SP5",
                  "product_id": "SUSE Package Hub 15 SP5"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-doc-2.19.5-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch"
        },
        "product_reference": "Botan-doc-2.19.5-bp155.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32"
        },
        "product_reference": "libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32"
        },
        "product_reference": "libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-2.19.5-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "Botan-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-doc-2.19.5-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch"
        },
        "product_reference": "Botan-doc-2.19.5-bp155.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32"
        },
        "product_reference": "libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32"
        },
        "product_reference": "libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
        },
        "product_reference": "python3-botan-2.19.5-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-34702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-34702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-34702",
          "url": "https://www.suse.com/security/cve/CVE-2024-34702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227607 for CVE-2024-34702",
          "url": "https://bugzilla.suse.com/1227607"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-07-16T06:28:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-34702"
    },
    {
      "cve": "CVE-2024-34703",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-34703"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-34703",
          "url": "https://www.suse.com/security/cve/CVE-2024-34703"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227238 for CVE-2024-34703",
          "url": "https://bugzilla.suse.com/1227238"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-07-16T06:28:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-34703"
    },
    {
      "cve": "CVE-2024-39312",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-39312"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
          "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
          "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-39312",
          "url": "https://www.suse.com/security/cve/CVE-2024-39312"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227608 for CVE-2024-39312",
          "url": "https://bugzilla.suse.com/1227608"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "SUSE Package Hub 15 SP5:python3-botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:Botan-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:Botan-doc-2.19.5-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-2-19-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-2-19-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:libbotan-devel-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-32bit-2.19.5-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libbotan-devel-64bit-2.19.5-bp155.2.3.1.aarch64_ilp32",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.i586",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.ppc64le",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.s390x",
            "openSUSE Leap 15.5:python3-botan-2.19.5-bp155.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-07-16T06:28:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-39312"
    }
  ]
}

OPENSUSE-SU-2024:14188-1

Vulnerability from csaf_opensuse - Published: 2024-07-15 00:00 - Updated: 2024-07-15 00:00

Summary

Botan-doc-2.19.5-1.1 on GA media

Notes

Title of the patch

Botan-doc-2.19.5-1.1 on GA media

Description of the patch

These are all security issues fixed in the Botan-doc-2.19.5-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-14188

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Botan-doc-2.19.5-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the Botan-doc-2.19.5-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14188",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14188-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-34702 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-34702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-34703 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-34703/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-39312 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-39312/"
      }
    ],
    "title": "Botan-doc-2.19.5-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-07-15T00:00:00Z",
      "generator": {
        "date": "2024-07-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14188-1",
      "initial_release_date": "2024-07-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-07-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-doc-2.19.5-1.1.aarch64",
                "product": {
                  "name": "Botan-doc-2.19.5-1.1.aarch64",
                  "product_id": "Botan-doc-2.19.5-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-1.1.aarch64",
                "product": {
                  "name": "libbotan-2-19-2.19.5-1.1.aarch64",
                  "product_id": "libbotan-2-19-2.19.5-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-1.1.aarch64",
                "product": {
                  "name": "libbotan-devel-2.19.5-1.1.aarch64",
                  "product_id": "libbotan-devel-2.19.5-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-1.1.aarch64",
                "product": {
                  "name": "python3-botan-2.19.5-1.1.aarch64",
                  "product_id": "python3-botan-2.19.5-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-doc-2.19.5-1.1.ppc64le",
                "product": {
                  "name": "Botan-doc-2.19.5-1.1.ppc64le",
                  "product_id": "Botan-doc-2.19.5-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-1.1.ppc64le",
                "product": {
                  "name": "libbotan-2-19-2.19.5-1.1.ppc64le",
                  "product_id": "libbotan-2-19-2.19.5-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-1.1.ppc64le",
                "product": {
                  "name": "libbotan-devel-2.19.5-1.1.ppc64le",
                  "product_id": "libbotan-devel-2.19.5-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-1.1.ppc64le",
                "product": {
                  "name": "python3-botan-2.19.5-1.1.ppc64le",
                  "product_id": "python3-botan-2.19.5-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-doc-2.19.5-1.1.s390x",
                "product": {
                  "name": "Botan-doc-2.19.5-1.1.s390x",
                  "product_id": "Botan-doc-2.19.5-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-1.1.s390x",
                "product": {
                  "name": "libbotan-2-19-2.19.5-1.1.s390x",
                  "product_id": "libbotan-2-19-2.19.5-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-1.1.s390x",
                "product": {
                  "name": "libbotan-devel-2.19.5-1.1.s390x",
                  "product_id": "libbotan-devel-2.19.5-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-1.1.s390x",
                "product": {
                  "name": "python3-botan-2.19.5-1.1.s390x",
                  "product_id": "python3-botan-2.19.5-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Botan-doc-2.19.5-1.1.x86_64",
                "product": {
                  "name": "Botan-doc-2.19.5-1.1.x86_64",
                  "product_id": "Botan-doc-2.19.5-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-2-19-2.19.5-1.1.x86_64",
                "product": {
                  "name": "libbotan-2-19-2.19.5-1.1.x86_64",
                  "product_id": "libbotan-2-19-2.19.5-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbotan-devel-2.19.5-1.1.x86_64",
                "product": {
                  "name": "libbotan-devel-2.19.5-1.1.x86_64",
                  "product_id": "libbotan-devel-2.19.5-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-botan-2.19.5-1.1.x86_64",
                "product": {
                  "name": "python3-botan-2.19.5-1.1.x86_64",
                  "product_id": "python3-botan-2.19.5-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-doc-2.19.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64"
        },
        "product_reference": "Botan-doc-2.19.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-doc-2.19.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le"
        },
        "product_reference": "Botan-doc-2.19.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-doc-2.19.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x"
        },
        "product_reference": "Botan-doc-2.19.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "Botan-doc-2.19.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64"
        },
        "product_reference": "Botan-doc-2.19.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64"
        },
        "product_reference": "libbotan-2-19-2.19.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le"
        },
        "product_reference": "libbotan-2-19-2.19.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x"
        },
        "product_reference": "libbotan-2-19-2.19.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-2-19-2.19.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64"
        },
        "product_reference": "libbotan-2-19-2.19.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64"
        },
        "product_reference": "libbotan-devel-2.19.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le"
        },
        "product_reference": "libbotan-devel-2.19.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x"
        },
        "product_reference": "libbotan-devel-2.19.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbotan-devel-2.19.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64"
        },
        "product_reference": "libbotan-devel-2.19.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64"
        },
        "product_reference": "python3-botan-2.19.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le"
        },
        "product_reference": "python3-botan-2.19.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x"
        },
        "product_reference": "python3-botan-2.19.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-botan-2.19.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
        },
        "product_reference": "python3-botan-2.19.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-34702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-34702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-34702",
          "url": "https://www.suse.com/security/cve/CVE-2024-34702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227607 for CVE-2024-34702",
          "url": "https://bugzilla.suse.com/1227607"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-07-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-34702"
    },
    {
      "cve": "CVE-2024-34703",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-34703"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-34703",
          "url": "https://www.suse.com/security/cve/CVE-2024-34703"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227238 for CVE-2024-34703",
          "url": "https://bugzilla.suse.com/1227238"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-07-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-34703"
    },
    {
      "cve": "CVE-2024-39312",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-39312"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
          "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-39312",
          "url": "https://www.suse.com/security/cve/CVE-2024-39312"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227608 for CVE-2024-39312",
          "url": "https://bugzilla.suse.com/1227608"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:Botan-doc-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-2-19-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:libbotan-devel-2.19.5-1.1.x86_64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.aarch64",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.ppc64le",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.s390x",
            "openSUSE Tumbleweed:python3-botan-2.19.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-07-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-39312"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-34702 (GCVE-0-2024-34702)

FKIE_CVE-2024-34702

OPENSUSE-SU-2024:0201-1

OPENSUSE-SU-2024:14188-1

Tags

Sightings

Nomenclature