Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/botan@1.6.5-3
Type deb
Namespace debian
Name botan
Version 1.6.5-3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.19.3+dfsg-1+deb12u1
Latest_non_vulnerable_version 2.19.3+dfsg-1+deb12u1
Affected_by_vulnerabilities
0
url VCID-31pb-3pss-ybg3
vulnerability_id VCID-31pb-3pss-ybg3
summary A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20187
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65481
published_at 2026-04-21T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65485
published_at 2026-04-16T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65496
published_at 2026-04-18T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.65368
published_at 2026-04-01T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65417
published_at 2026-04-02T12:55:00Z
5
value 0.00487
scoring_system epss
scoring_elements 0.65444
published_at 2026-04-04T12:55:00Z
6
value 0.00487
scoring_system epss
scoring_elements 0.65406
published_at 2026-04-07T12:55:00Z
7
value 0.00487
scoring_system epss
scoring_elements 0.65459
published_at 2026-04-08T12:55:00Z
8
value 0.00487
scoring_system epss
scoring_elements 0.6547
published_at 2026-04-09T12:55:00Z
9
value 0.00487
scoring_system epss
scoring_elements 0.65489
published_at 2026-04-11T12:55:00Z
10
value 0.00487
scoring_system epss
scoring_elements 0.65476
published_at 2026-04-12T12:55:00Z
11
value 0.00487
scoring_system epss
scoring_elements 0.65448
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20187
1
reference_url https://botan.randombit.net/news.html
reference_id
reference_type
scores
url https://botan.randombit.net/news.html
2
reference_url https://botan.randombit.net/security.html
reference_id
reference_type
scores
url https://botan.randombit.net/security.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20187
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/crocs-muni/ECTester
reference_id
reference_type
scores
url https://github.com/crocs-muni/ECTester
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732
reference_id 918732
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20187
reference_id CVE-2018-20187
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2018-20187
fixed_packages
0
url pkg:deb/debian/botan@2.9.0-2
purl pkg:deb/debian/botan@2.9.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32jb-t7zq-uyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.9.0-2
aliases CVE-2018-20187
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31pb-3pss-ybg3
1
url VCID-32jb-t7zq-uyhe
vulnerability_id VCID-32jb-t7zq-uyhe
summary In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-24115
reference_id
reference_type
scores
0
value 0.00711
scoring_system epss
scoring_elements 0.72286
published_at 2026-04-21T12:55:00Z
1
value 0.00711
scoring_system epss
scoring_elements 0.72204
published_at 2026-04-01T12:55:00Z
2
value 0.00711
scoring_system epss
scoring_elements 0.72209
published_at 2026-04-02T12:55:00Z
3
value 0.00711
scoring_system epss
scoring_elements 0.72229
published_at 2026-04-04T12:55:00Z
4
value 0.00711
scoring_system epss
scoring_elements 0.72205
published_at 2026-04-07T12:55:00Z
5
value 0.00711
scoring_system epss
scoring_elements 0.72242
published_at 2026-04-08T12:55:00Z
6
value 0.00711
scoring_system epss
scoring_elements 0.72254
published_at 2026-04-09T12:55:00Z
7
value 0.00711
scoring_system epss
scoring_elements 0.72277
published_at 2026-04-11T12:55:00Z
8
value 0.00711
scoring_system epss
scoring_elements 0.7226
published_at 2026-04-12T12:55:00Z
9
value 0.00711
scoring_system epss
scoring_elements 0.72247
published_at 2026-04-13T12:55:00Z
10
value 0.00711
scoring_system epss
scoring_elements 0.72289
published_at 2026-04-16T12:55:00Z
11
value 0.00711
scoring_system epss
scoring_elements 0.72298
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-24115
1
reference_url https://botan.randombit.net/news.html
reference_id
reference_type
scores
url https://botan.randombit.net/news.html
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24115
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24115
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-24115
reference_id CVE-2021-24115
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-24115
fixed_packages
0
url pkg:deb/debian/botan@2.17.3%2Bdfsg-2
purl pkg:deb/debian/botan@2.17.3%2Bdfsg-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4813-s8rk-xqcz
1
vulnerability VCID-9kx4-w9uw-vybp
2
vulnerability VCID-9us9-jyfu-hqdg
3
vulnerability VCID-sfcs-71wr-wbf4
4
vulnerability VCID-vgqy-r4ed-4bcv
5
vulnerability VCID-w192-d7k6-h3a3
6
vulnerability VCID-xffg-w6fz-yqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.17.3%252Bdfsg-2
aliases CVE-2021-24115
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32jb-t7zq-uyhe
2
url VCID-851y-jyry-8qe1
vulnerability_id VCID-851y-jyry-8qe1
summary Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12435
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.36009
published_at 2026-04-21T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.36035
published_at 2026-04-13T12:55:00Z
2
value 0.00153
scoring_system epss
scoring_elements 0.36062
published_at 2026-04-18T12:55:00Z
3
value 0.00153
scoring_system epss
scoring_elements 0.35969
published_at 2026-04-01T12:55:00Z
4
value 0.00153
scoring_system epss
scoring_elements 0.36159
published_at 2026-04-02T12:55:00Z
5
value 0.00153
scoring_system epss
scoring_elements 0.3619
published_at 2026-04-04T12:55:00Z
6
value 0.00153
scoring_system epss
scoring_elements 0.36025
published_at 2026-04-07T12:55:00Z
7
value 0.00153
scoring_system epss
scoring_elements 0.36075
published_at 2026-04-16T12:55:00Z
8
value 0.00153
scoring_system epss
scoring_elements 0.36093
published_at 2026-04-09T12:55:00Z
9
value 0.00153
scoring_system epss
scoring_elements 0.361
published_at 2026-04-11T12:55:00Z
10
value 0.00153
scoring_system epss
scoring_elements 0.36061
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12435
1
reference_url https://botan.randombit.net/security.html
reference_id
reference_type
scores
url https://botan.randombit.net/security.html
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12435
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12435
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3
reference_id
reference_type
scores
url https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3
5
reference_url https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
reference_id
reference_type
scores
url https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901619
reference_id 901619
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901619
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12435
reference_id CVE-2018-12435
reference_type
scores
0
value 1.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2018-12435
fixed_packages
0
url pkg:deb/debian/botan@2.9.0-2
purl pkg:deb/debian/botan@2.9.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32jb-t7zq-uyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.9.0-2
aliases CVE-2018-12435
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-851y-jyry-8qe1
3
url VCID-bdvc-y1wv-gkcf
vulnerability_id VCID-bdvc-y1wv-gkcf
summary An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9860
reference_id
reference_type
scores
0
value 0.00499
scoring_system epss
scoring_elements 0.65823
published_at 2026-04-01T12:55:00Z
1
value 0.00499
scoring_system epss
scoring_elements 0.65871
published_at 2026-04-02T12:55:00Z
2
value 0.00499
scoring_system epss
scoring_elements 0.65901
published_at 2026-04-04T12:55:00Z
3
value 0.00499
scoring_system epss
scoring_elements 0.65866
published_at 2026-04-07T12:55:00Z
4
value 0.00499
scoring_system epss
scoring_elements 0.65918
published_at 2026-04-08T12:55:00Z
5
value 0.00499
scoring_system epss
scoring_elements 0.65929
published_at 2026-04-09T12:55:00Z
6
value 0.00499
scoring_system epss
scoring_elements 0.65947
published_at 2026-04-11T12:55:00Z
7
value 0.00499
scoring_system epss
scoring_elements 0.65934
published_at 2026-04-12T12:55:00Z
8
value 0.00499
scoring_system epss
scoring_elements 0.65904
published_at 2026-04-13T12:55:00Z
9
value 0.00499
scoring_system epss
scoring_elements 0.65939
published_at 2026-04-16T12:55:00Z
10
value 0.00499
scoring_system epss
scoring_elements 0.65954
published_at 2026-04-18T12:55:00Z
11
value 0.00499
scoring_system epss
scoring_elements 0.65943
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9860
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9860
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9860
fixed_packages
0
url pkg:deb/debian/botan@2.9.0-2
purl pkg:deb/debian/botan@2.9.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32jb-t7zq-uyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.9.0-2
aliases CVE-2018-9860
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdvc-y1wv-gkcf
4
url VCID-wqt2-m3gv-6fgk
vulnerability_id VCID-wqt2-m3gv-6fgk
summary Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9127
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.3933
published_at 2026-04-01T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39492
published_at 2026-04-02T12:55:00Z
2
value 0.00179
scoring_system epss
scoring_elements 0.39515
published_at 2026-04-04T12:55:00Z
3
value 0.00179
scoring_system epss
scoring_elements 0.39429
published_at 2026-04-07T12:55:00Z
4
value 0.00179
scoring_system epss
scoring_elements 0.39485
published_at 2026-04-08T12:55:00Z
5
value 0.00179
scoring_system epss
scoring_elements 0.395
published_at 2026-04-09T12:55:00Z
6
value 0.00179
scoring_system epss
scoring_elements 0.39511
published_at 2026-04-11T12:55:00Z
7
value 0.00179
scoring_system epss
scoring_elements 0.39472
published_at 2026-04-12T12:55:00Z
8
value 0.00179
scoring_system epss
scoring_elements 0.39455
published_at 2026-04-13T12:55:00Z
9
value 0.00179
scoring_system epss
scoring_elements 0.39507
published_at 2026-04-16T12:55:00Z
10
value 0.00179
scoring_system epss
scoring_elements 0.39478
published_at 2026-04-18T12:55:00Z
11
value 0.00179
scoring_system epss
scoring_elements 0.39393
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9127
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9127
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9127
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894648
reference_id 894648
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894648
fixed_packages
0
url pkg:deb/debian/botan@2.9.0-2
purl pkg:deb/debian/botan@2.9.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32jb-t7zq-uyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.9.0-2
aliases CVE-2018-9127
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqt2-m3gv-6fgk
Fixing_vulnerabilities
Risk_score 2.6
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@1.6.5-3