Moderaterandombit

Name of the Vulnerable Software and Affected Versions: Botan versions prior to 2.19.5 Botan versions prior to 3.5.0 Description: A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. This issue is related to the authentication procedure of the Botan C++ cryptography library. Recommendations: For versions prior to 2.19.5, update to version 2.19.5 or later. For versions prior to 3.5.0, update to version 3.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** Botan versions prior to 2.19.3 **Description** The issue is related to a certificate verification error in the Botan C++ cryptographic library, allowing a remote attacker to forge OCSP responses. This problem was introduced in Botan version 1.11.34. **Recommendations** For versions prior to 2.19.3, update to version 2.19.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of certificate verification functions until a patch is available.