Auto-Update: 2024-06-30T22:00:29.861382+00:00

CVE-2024/CVE-2024-347xx/CVE-2024-34703.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-34703",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-06-30T21:15:02.053",
+  "lastModified": "2024-06-30T21:15:02.053",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-405"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-06-30T20:00:44.918095+00:00
+2024-06-30T22:00:29.861382+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-06-30T19:15:02.233000+00:00
+2024-06-30T21:15:02.053000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,19 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-255513
+255514
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `6`
+Recently added CVEs: `1`
 
-- [CVE-2023-50952](CVE-2023/CVE-2023-509xx/CVE-2023-50952.json) (`2024-06-30T18:15:02.733`)
+- [CVE-2024-34703](CVE-2024/CVE-2024-347xx/CVE-2024-34703.json) (`2024-06-30T21:15:02.053`)
-- [CVE-2023-50953](CVE-2023/CVE-2023-509xx/CVE-2023-50953.json) (`2024-06-30T18:15:02.970`)
-- [CVE-2023-50964](CVE-2023/CVE-2023-509xx/CVE-2023-50964.json) (`2024-06-30T19:15:02.007`)
-- [CVE-2024-28794](CVE-2024/CVE-2024-287xx/CVE-2024-28794.json) (`2024-06-30T19:15:02.233`)
-- [CVE-2024-28797](CVE-2024/CVE-2024-287xx/CVE-2024-28797.json) (`2024-06-30T18:15:03.480`)
-- [CVE-2024-31898](CVE-2024/CVE-2024-318xx/CVE-2024-31898.json) (`2024-06-30T18:15:03.693`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -237352,8 +237352,8 @@ CVE-2023-50948,0,0,3c02519a72037dff711d5ee48432aa7f2b5638da69466874289b5ec8a9701
 CVE-2023-50949,0,0,05099c94caa797bc55ec09b8ff46351e2b7dda33262efba30ca113b16d3acf90,2024-04-12T12:44:04.930000
 CVE-2023-50950,0,0,dfea2c60bf930725232ee8dec76ee1dc7db647db5a23e4d3c95d00ce14c241f2,2024-01-24T19:42:29.450000
 CVE-2023-50951,0,0,ac9a2ba6b69cc6219b314f88f75f8d16d80977a7838c8861bc4cc4a5a90b32d2,2024-02-20T19:50:53.960000
-CVE-2023-50952,1,1,214157c0c9dc9e309d6f0a4359b410b3ce0dadd6acd5fd4462de91fe9605c594,2024-06-30T18:15:02.733000
+CVE-2023-50952,0,0,214157c0c9dc9e309d6f0a4359b410b3ce0dadd6acd5fd4462de91fe9605c594,2024-06-30T18:15:02.733000
-CVE-2023-50953,1,1,6f1dd2b712dca3790293e891ea7b3c19d9bc58239f13f04e90aad630ba8c903b,2024-06-30T18:15:02.970000
+CVE-2023-50953,0,0,6f1dd2b712dca3790293e891ea7b3c19d9bc58239f13f04e90aad630ba8c903b,2024-06-30T18:15:02.970000
 CVE-2023-50954,0,0,cd28b9f2a6eb84f79dffe7b3ed168d5a7dc92dd5eba345b0866635e9f903a3aa,2024-06-30T17:15:02.470000
 CVE-2023-50955,0,0,2dac25424bb634048955c93e845cd595a5737c34f7a73119031e8a018fd0e20a,2024-02-22T19:07:27.197000
 CVE-2023-50957,0,0,a38d290def706a6975d8b2902c3d1f58a6074172158e1685b40a6a512f9caf13,2024-02-15T04:37:53.297000
@@ -237362,7 +237362,7 @@ CVE-2023-5096,0,0,1b0896fcd5a16a2bfc5ce288684748ddee835572b804e4af539b42517b79d3
 CVE-2023-50961,0,0,d711d4a9d8ad627716324633a649c2a8b70ff648c86857e4b94f3b50216da091,2024-03-27T15:49:51.300000
 CVE-2023-50962,0,0,365daa63183eee3bc8e35da897e2163d0fc458ef66adb39b8eb249f4c8a968ff,2024-02-12T14:31:36.920000
 CVE-2023-50963,0,0,f8ab53d3916fdeb747721dbad810b91a4d8cca1f3447b9dedd0b7a0a236caf08,2024-01-24T21:22:22.293000
-CVE-2023-50964,1,1,8e9c38aa40e1bbdd98bdb4dea21478d59ddc547ce681076c9051314b28c5c9af,2024-06-30T19:15:02.007000
+CVE-2023-50964,0,0,8e9c38aa40e1bbdd98bdb4dea21478d59ddc547ce681076c9051314b28c5c9af,2024-06-30T19:15:02.007000
 CVE-2023-50965,0,0,7d1de52a11bce456c4c16ef773b97b5e53898c75617739b3525f486b2a63242b,2023-12-20T20:02:23.497000
 CVE-2023-50966,0,0,a6b32088d0a5d6ef9a7d587370f326ae2061a7a42b121ce18c85e023136aaec3,2024-03-19T16:33:58.680000
 CVE-2023-50967,0,0,bb1533384c54817eac919409a9c4a4f7b98f5730662b59bf4ce17ad616d7daee,2024-04-19T23:15:09.330000
@@ -247983,9 +247983,9 @@ CVE-2024-28784,0,0,c979b0334a0081e1847a4bc955e67dbbc0397aed136c4d3aa1b489c4f3f26
 CVE-2024-28787,0,0,466884053e2fb97771b0b18e87658d91d7f6894823937327962bdc9b1ecfdc33,2024-04-04T19:24:50.670000
 CVE-2024-2879,0,0,b3cb63a21efa9503ae3e8fbd2c3fbecce8466a6f50871d6397f8e38479a77e62,2024-04-08T22:49:41.533000
 CVE-2024-28793,0,0,0971b91b249c500bf4e72fc37951e1fea5132a60c7834326b93f07f92baebfb6,2024-06-10T18:15:29.983000
-CVE-2024-28794,1,1,fea3931f90b9f84cf4c733c8b13103f1c0ea3743e99a2912dcf009b5c0fcff09,2024-06-30T19:15:02.233000
+CVE-2024-28794,0,0,fea3931f90b9f84cf4c733c8b13103f1c0ea3743e99a2912dcf009b5c0fcff09,2024-06-30T19:15:02.233000
 CVE-2024-28795,0,0,cdcc3ce008679975bf496c8bd14b637e1ba080c5295dbaca41aef374af5c9d06,2024-06-30T16:15:02.987000
-CVE-2024-28797,1,1,cb656ca0fb48c752719361d8d555f4dcc2a45188759fd6cb1344b5a0a55b05dd,2024-06-30T18:15:03.480000
+CVE-2024-28797,0,0,cb656ca0fb48c752719361d8d555f4dcc2a45188759fd6cb1344b5a0a55b05dd,2024-06-30T18:15:03.480000
 CVE-2024-28798,0,0,3ed41b05d7d28d830091bb6df2fa27e3e32bb2a125c831d0251b397ac1a3e5a2,2024-06-30T17:15:02.720000
 CVE-2024-28815,0,0,e7bdcd0ac6977f9c059dbb312ad54d9a388fdc8f6a137aa4ed5f32fc20fa20fd,2024-04-30T07:15:48.897000
 CVE-2024-28816,0,0,4b9f923b99f4095b32672af0003c81bae1f3b3136774827600fae7accfedcfe3,2024-03-11T12:47:42.653000
@@ -250018,7 +250018,7 @@ CVE-2024-31890,0,0,eda850bb7869648d895763435641ab97f0cfe4aeba8f677c829b9f47f4e39
 CVE-2024-31893,0,0,12d01c628fd750c0cbf441575efefbf394d1654280d687a3cb134821594970b6,2024-05-24T01:15:30.977000
 CVE-2024-31894,0,0,5d58af989adc88e1f21decb4e4b73370061e14ed54479d7579f2f2b5b7332e1e,2024-05-24T01:15:30.977000
 CVE-2024-31895,0,0,38db7df97417d61bcac3e1b48b52fd0d409c4088497b5231955dcf460bac575b,2024-05-24T01:15:30.977000
-CVE-2024-31898,1,1,33566edd39449d6937cfe890ae696f9e487e7e051ba641cc870b458befd5ee22,2024-06-30T18:15:03.693000
+CVE-2024-31898,0,0,33566edd39449d6937cfe890ae696f9e487e7e051ba641cc870b458befd5ee22,2024-06-30T18:15:03.693000
 CVE-2024-3190,0,0,c17e9142af04bd9f9561cc561aacffdced5eb94e572636fb91c22838cccaf428,2024-05-30T13:15:41.297000
 CVE-2024-31902,0,0,1157e96c42fe5e1f6cd50b8a219a0e329afeecd891787c4e2cd01170b9e9df82,2024-06-30T17:15:02.923000
 CVE-2024-31904,0,0,f581f8d898f5db4b0367557c06fa4b666380cc23610e816c03e35138e889ca3c,2024-05-24T01:15:30.977000
@@ -251750,6 +251750,7 @@ CVE-2024-34698,0,0,10e59d69dc4df1155204551f8483405755bab4be109bdea52b3a75e369d53
 CVE-2024-34699,0,0,25f405235bcdebbbdbdc15ae858e3622caf3e07dac211b82cab5ea59f42ec719,2024-05-14T16:12:23.490000
 CVE-2024-3470,0,0,736c8b21abac392de8987478bb4430873353b2c43829321b68bed57cd49a65ed,2024-04-19T16:19:49.043000
 CVE-2024-34701,0,0,5a8c02ffa2fcadb317d10fc6ec8b451b4dcf3f6eab6c63ebf616f401a02dac46,2024-05-14T16:12:23.490000
+CVE-2024-34703,1,1,5ad2e6f5e34e2f6fd45700d7306c9c5e8b06f592b7ba43c13c397477c4dda22d,2024-06-30T21:15:02.053000
 CVE-2024-34704,0,0,48d6359679289248ce803dfb7b75c17011aaace7b08a8c9d1fc68e47f081bf3e,2024-05-14T16:12:23.490000
 CVE-2024-34706,0,0,4726580e4aef314a5fbec04fe3b48a640bc06fa468e915ceb8e4adce9150430f,2024-05-14T16:12:23.490000
 CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a7390b7,2024-05-14T16:12:23.490000