PT-2024-6609 · Botan+4 · Botan+4

Bing Shi

Published

2024-05-10

Updated

2025-09-03

CVE-2024-34702

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Botan versions prior to 3.5.0 Botan versions prior to 2.19.5

Description: The issue is related to the processing of X.509 certificates in the Botan C++ cryptography library. Checking name constraints in these certificates is quadratic in the number of names and name constraints, which can lead to a denial of service. An attacker could exploit this by presenting a certificate chain with a large number of names in the SubjectAlternativeName, signed by a CA certificate with a large number of name constraints.

Recommendations: For Botan versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. For Botan versions prior to 2.19.5, update to version 2.19.5 to partially address the issue. As a temporary workaround, consider restricting the number of names in the SubjectAlternativeName field to minimize the risk of exploitation.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-405

Related Identifiers

AZL-43942

AZL-44796

BDU:2024-07764

CVE-2024-34702

GHSA-5GG9-HQPR-R58J

OESA-2024-1923

OESA-2024-1924

OESA-2024-1925

OPENSUSE-SU-2024:0201-1

OPENSUSE-SU-2024:14188-1

USN-7586-1

Affected Products

Botan

Debian

Linuxmint

Red Os

Ubuntu

PT-2024-6609 · Botan+4 · Botan+4

CVE-2024-34702

Weakness Enumeration

Related Identifiers

Affected Products

References · 58