VulnerableCode Package Details - pkg:deb/debian/botan@2.4.0-6?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/botan@2.4.0-6?distro=trixie

Essentials
History (3)

purl	pkg:deb/debian/botan@2.4.0-6?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-bdvc-y1wv-gkcf	An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.	CVE-2018-9860

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:38:28.171475+00:00	Debian Importer	Fixing	VCID-bdvc-y1wv-gkcf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:24:59.399093+00:00	Debian Importer	Fixing	VCID-bdvc-y1wv-gkcf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:05:27.467928+00:00	Debian Importer	Fixing	VCID-bdvc-y1wv-gkcf	https://security-tracker.debian.org/tracker/data/json	38.1.0