How severe is CVE-2024-34702?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-34702?

This is classified as CWE-405, which is a common weakness in software security.

CVE-2024-34702 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.

Related Vulnerabilities

CVE-2019-11479

MEDIUM

CVSS:5.3(Medium)

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A...

CWE-4052019

CVE-2024-0450

MEDIUM

CVSS:6.2(Medium)

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploi...

CWE-4052024

CVE-2024-40705

MEDIUM

CVSS:6.5(Medium)

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

CWE-4052024

CVE-2018-15492

HIGH

CVSS:7.5(High)

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.

CWE-4052018

CVE-2021-21359

HIGH

CVSS:7.5(High)

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler ...

CWE-4052021

CVE-2021-38447

HIGH

CVSS:7.5(High)

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.

CWE-4052021