Auto-Update: 2024-06-30T22:00:29.861382+00:00

cad-safe-bot 2024-06-30 22:03:22 +00:00
parent d56cd69198
commit b0a63b6cc4
3 changed files with 80 additions and 16 deletions

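--- /dev/null
+++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34703.json
@@ -0,0 +1,68 @@
+{
+"id": "CVE-2024-34703",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-06-30T21:15:02.053",
+"lastModified": "2024-06-30T21:15:02.053",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-405"
+},
+{
+"lang": "en",
+"value": "CWE-770"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7",
+"source": "security-advisories@github.com"
+}
+]
+}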


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-30T20:00:44.918095+00:00
2024-06-30T22:00:29.861382+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-30T19:15:02.233000+00:00
2024-06-30T21:15:02.053000+00:00
```
### Last Data Feed Release
@ -33,19 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
255513
255514
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `1`
- [CVE-2023-50952](CVE-2023/CVE-2023-509xx/CVE-2023-50952.json) (`2024-06-30T18:15:02.733`)
- [CVE-2023-50953](CVE-2023/CVE-2023-509xx/CVE-2023-50953.json) (`2024-06-30T18:15:02.970`)
- [CVE-2023-50964](CVE-2023/CVE-2023-509xx/CVE-2023-50964.json) (`2024-06-30T19:15:02.007`)
- [CVE-2024-28794](CVE-2024/CVE-2024-287xx/CVE-2024-28794.json) (`2024-06-30T19:15:02.233`)
- [CVE-2024-28797](CVE-2024/CVE-2024-287xx/CVE-2024-28797.json) (`2024-06-30T18:15:03.480`)
- [CVE-2024-31898](CVE-2024/CVE-2024-318xx/CVE-2024-31898.json) (`2024-06-30T18:15:03.693`)
- [CVE-2024-34703](CVE-2024/CVE-2024-347xx/CVE-2024-34703.json) (`2024-06-30T21:15:02.053`)
### CVEs modified in the last Commit


@ -237352,8 +237352,8 @@ CVE-2023-50948,0,0,3c02519a72037dff711d5ee48432aa7f2b5638da69466874289b5ec8a9701
CVE-2023-50949,0,0,05099c94caa797bc55ec09b8ff46351e2b7dda33262efba30ca113b16d3acf90,2024-04-12T12:44:04.930000
CVE-2023-50950,0,0,dfea2c60bf930725232ee8dec76ee1dc7db647db5a23e4d3c95d00ce14c241f2,2024-01-24T19:42:29.450000
CVE-2023-50951,0,0,ac9a2ba6b69cc6219b314f88f75f8d16d80977a7838c8861bc4cc4a5a90b32d2,2024-02-20T19:50:53.960000
CVE-2023-50952,1,1,214157c0c9dc9e309d6f0a4359b410b3ce0dadd6acd5fd4462de91fe9605c594,2024-06-30T18:15:02.733000
CVE-2023-50953,1,1,6f1dd2b712dca3790293e891ea7b3c19d9bc58239f13f04e90aad630ba8c903b,2024-06-30T18:15:02.970000
CVE-2023-50952,0,0,214157c0c9dc9e309d6f0a4359b410b3ce0dadd6acd5fd4462de91fe9605c594,2024-06-30T18:15:02.733000
CVE-2023-50953,0,0,6f1dd2b712dca3790293e891ea7b3c19d9bc58239f13f04e90aad630ba8c903b,2024-06-30T18:15:02.970000
CVE-2023-50954,0,0,cd28b9f2a6eb84f79dffe7b3ed168d5a7dc92dd5eba345b0866635e9f903a3aa,2024-06-30T17:15:02.470000
CVE-2023-50955,0,0,2dac25424bb634048955c93e845cd595a5737c34f7a73119031e8a018fd0e20a,2024-02-22T19:07:27.197000
CVE-2023-50957,0,0,a38d290def706a6975d8b2902c3d1f58a6074172158e1685b40a6a512f9caf13,2024-02-15T04:37:53.297000
@ -237362,7 +237362,7 @@ CVE-2023-5096,0,0,1b0896fcd5a16a2bfc5ce288684748ddee835572b804e4af539b42517b79d3
CVE-2023-50961,0,0,d711d4a9d8ad627716324633a649c2a8b70ff648c86857e4b94f3b50216da091,2024-03-27T15:49:51.300000
CVE-2023-50962,0,0,365daa63183eee3bc8e35da897e2163d0fc458ef66adb39b8eb249f4c8a968ff,2024-02-12T14:31:36.920000
CVE-2023-50963,0,0,f8ab53d3916fdeb747721dbad810b91a4d8cca1f3447b9dedd0b7a0a236caf08,2024-01-24T21:22:22.293000
CVE-2023-50964,1,1,8e9c38aa40e1bbdd98bdb4dea21478d59ddc547ce681076c9051314b28c5c9af,2024-06-30T19:15:02.007000
CVE-2023-50964,0,0,8e9c38aa40e1bbdd98bdb4dea21478d59ddc547ce681076c9051314b28c5c9af,2024-06-30T19:15:02.007000
CVE-2023-50965,0,0,7d1de52a11bce456c4c16ef773b97b5e53898c75617739b3525f486b2a63242b,2023-12-20T20:02:23.497000
CVE-2023-50966,0,0,a6b32088d0a5d6ef9a7d587370f326ae2061a7a42b121ce18c85e023136aaec3,2024-03-19T16:33:58.680000
CVE-2023-50967,0,0,bb1533384c54817eac919409a9c4a4f7b98f5730662b59bf4ce17ad616d7daee,2024-04-19T23:15:09.330000
@ -247983,9 +247983,9 @@ CVE-2024-28784,0,0,c979b0334a0081e1847a4bc955e67dbbc0397aed136c4d3aa1b489c4f3f26
CVE-2024-28787,0,0,466884053e2fb97771b0b18e87658d91d7f6894823937327962bdc9b1ecfdc33,2024-04-04T19:24:50.670000
CVE-2024-2879,0,0,b3cb63a21efa9503ae3e8fbd2c3fbecce8466a6f50871d6397f8e38479a77e62,2024-04-08T22:49:41.533000
CVE-2024-28793,0,0,0971b91b249c500bf4e72fc37951e1fea5132a60c7834326b93f07f92baebfb6,2024-06-10T18:15:29.983000
CVE-2024-28794,1,1,fea3931f90b9f84cf4c733c8b13103f1c0ea3743e99a2912dcf009b5c0fcff09,2024-06-30T19:15:02.233000
CVE-2024-28794,0,0,fea3931f90b9f84cf4c733c8b13103f1c0ea3743e99a2912dcf009b5c0fcff09,2024-06-30T19:15:02.233000
CVE-2024-28795,0,0,cdcc3ce008679975bf496c8bd14b637e1ba080c5295dbaca41aef374af5c9d06,2024-06-30T16:15:02.987000
CVE-2024-28797,1,1,cb656ca0fb48c752719361d8d555f4dcc2a45188759fd6cb1344b5a0a55b05dd,2024-06-30T18:15:03.480000
CVE-2024-28797,0,0,cb656ca0fb48c752719361d8d555f4dcc2a45188759fd6cb1344b5a0a55b05dd,2024-06-30T18:15:03.480000
CVE-2024-28798,0,0,3ed41b05d7d28d830091bb6df2fa27e3e32bb2a125c831d0251b397ac1a3e5a2,2024-06-30T17:15:02.720000
CVE-2024-28815,0,0,e7bdcd0ac6977f9c059dbb312ad54d9a388fdc8f6a137aa4ed5f32fc20fa20fd,2024-04-30T07:15:48.897000
CVE-2024-28816,0,0,4b9f923b99f4095b32672af0003c81bae1f3b3136774827600fae7accfedcfe3,2024-03-11T12:47:42.653000
@ -250018,7 +250018,7 @@ CVE-2024-31890,0,0,eda850bb7869648d895763435641ab97f0cfe4aeba8f677c829b9f47f4e39
CVE-2024-31893,0,0,12d01c628fd750c0cbf441575efefbf394d1654280d687a3cb134821594970b6,2024-05-24T01:15:30.977000
CVE-2024-31894,0,0,5d58af989adc88e1f21decb4e4b73370061e14ed54479d7579f2f2b5b7332e1e,2024-05-24T01:15:30.977000
CVE-2024-31895,0,0,38db7df97417d61bcac3e1b48b52fd0d409c4088497b5231955dcf460bac575b,2024-05-24T01:15:30.977000
CVE-2024-31898,1,1,33566edd39449d6937cfe890ae696f9e487e7e051ba641cc870b458befd5ee22,2024-06-30T18:15:03.693000
CVE-2024-31898,0,0,33566edd39449d6937cfe890ae696f9e487e7e051ba641cc870b458befd5ee22,2024-06-30T18:15:03.693000
CVE-2024-3190,0,0,c17e9142af04bd9f9561cc561aacffdced5eb94e572636fb91c22838cccaf428,2024-05-30T13:15:41.297000
CVE-2024-31902,0,0,1157e96c42fe5e1f6cd50b8a219a0e329afeecd891787c4e2cd01170b9e9df82,2024-06-30T17:15:02.923000
CVE-2024-31904,0,0,f581f8d898f5db4b0367557c06fa4b666380cc23610e816c03e35138e889ca3c,2024-05-24T01:15:30.977000
@ -251750,6 +251750,7 @@ CVE-2024-34698,0,0,10e59d69dc4df1155204551f8483405755bab4be109bdea52b3a75e369d53
CVE-2024-34699,0,0,25f405235bcdebbbdbdc15ae858e3622caf3e07dac211b82cab5ea59f42ec719,2024-05-14T16:12:23.490000
CVE-2024-3470,0,0,736c8b21abac392de8987478bb4430873353b2c43829321b68bed57cd49a65ed,2024-04-19T16:19:49.043000
CVE-2024-34701,0,0,5a8c02ffa2fcadb317d10fc6ec8b451b4dcf3f6eab6c63ebf616f401a02dac46,2024-05-14T16:12:23.490000
CVE-2024-34703,1,1,5ad2e6f5e34e2f6fd45700d7306c9c5e8b06f592b7ba43c13c397477c4dda22d,2024-06-30T21:15:02.053000
CVE-2024-34704,0,0,48d6359679289248ce803dfb7b75c17011aaace7b08a8c9d1fc68e47f081bf3e,2024-05-14T16:12:23.490000
CVE-2024-34706,0,0,4726580e4aef314a5fbec04fe3b48a640bc06fa468e915ceb8e4adce9150430f,2024-05-14T16:12:23.490000
CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a7390b7,2024-05-14T16:12:23.490000
