Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/botan@2.19.4%2Bdfsg-1?distro=trixie
Type deb
Namespace debian
Name botan
Version 2.19.4+dfsg-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.19.5+dfsg-1
Latest_non_vulnerable_version 2.19.5+dfsg-4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-vgqy-r4ed-4bcv
vulnerability_id VCID-vgqy-r4ed-4bcv
summary Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34703
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42212
published_at 2026-04-18T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42227
published_at 2026-04-09T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42169
published_at 2026-04-07T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42219
published_at 2026-04-08T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42251
published_at 2026-04-11T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.42213
published_at 2026-04-12T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.42186
published_at 2026-04-13T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.42236
published_at 2026-04-16T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.422
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34703
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34703
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4
reference_id 08c404b23740babee1f6aa51b54e966029aadee4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T14:55:26Z/
url https://github.com/randombit/botan/commit/08c404b23740babee1f6aa51b54e966029aadee4
4
reference_url https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a
reference_id 94e9154c143aa5264da6254a6a1be5bc66ee2b5a
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T14:55:26Z/
url https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a
5
reference_url https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7
reference_id GHSA-w4g2-7m2h-7xj7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-02T14:55:26Z/
url https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7
6
reference_url https://usn.ubuntu.com/7586-1/
reference_id USN-7586-1
reference_type
scores
url https://usn.ubuntu.com/7586-1/
fixed_packages
0
url pkg:deb/debian/botan@2.19.3%2Bdfsg-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/botan@2.19.3%2Bdfsg-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.19.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie
1
url pkg:deb/debian/botan@2.19.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/botan@2.19.4%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.19.4%252Bdfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/botan@2.19.5%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/botan@2.19.5%2Bdfsg-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.19.5%252Bdfsg-4%3Fdistro=trixie
aliases CVE-2024-34703
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgqy-r4ed-4bcv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan@2.19.4%252Bdfsg-1%3Fdistro=trixie