Asymmetric Resource Consumption (Amplification) in Botan - CVE-2024-34702
Published: July 23, 2024
Vulnerability identifier: #VU94671
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2024-34702
CWE-ID: CWE-405
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Randombit
Affected software:
Botan
Botan
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive name constraints. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
How to mitigate CVE-2024-34702
Install updates from vendor's website.
Sources
- https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j
- https://github.com/randombit/botan/pull/4034
- https://github.com/randombit/botan/pull/4045
- https://github.com/randombit/botan/pull/4047
- https://github.com/randombit/botan/pull/4052
- https://github.com/randombit/botan/pull/4186
- https://github.com/randombit/botan/pull/4187
- https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e
- https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac
- https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1
- https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf
- https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41
- https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8