{"id":"CVE-2016-2850","details":"Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.","modified":"2026-07-08T05:48:15.875510554Z","published":"2016-05-13T14:59:11.743Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"24"},{"last_affected":"24"}],"vendor_product":"fedoraproject:fedora","source":"CPE_STRING"}]},"references":[{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html"},{"type":"ADVISORY","url":"http://botan.randombit.net/security.html"},{"type":"ADVISORY","url":"http://marc.info/?l=botan-devel&m=145852488622892&w=2"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-23"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/randombit/botan","events":[{"introduced":"ee912cd748a9b0bf56c84a49896dd2d57e0f81a6"},{"last_affected":"87a59dd0ea8a783540d30bb697b4c86d9b66f7ee"}],"database_specific":{"cpe":["cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*","cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"1.11.0"},{"last_affected":"1.11.0"},{"introduced":"1.11.1"},{"last_affected":"1.11.1"},{"introduced":"1.11.2"},{"last_affected":"1.11.2"},{"introduced":"1.11.3"},{"last_affected":"1.11.3"},{"introduced":"1.11.4"},{"last_affected":"1.11.4"},{"introduced":"1.11.5"},{"last_affected":"1.11.5"},{"introduced":"1.11.6"},{"last_affected":"1.11.6"},{"introduced":"1.11.7"},{"last_affected":"1.11.7"},{"introduced":"1.11.8"},{"last_affected":"1.11.8"},{"introduced":"1.11.9"},{"last_affected":"1.11.9"},{"introduced":"1.11.10"},{"last_affected":"1.11.10"},{"introduced":"1.11.11"},{"last_affected":"1.11.11"},{"introduced":"1.11.12"},{"last_affected":"1.11.12"},{"introduced":"1.11.13"},{"last_affected":"1.11.13"},{"introduced":"1.11.14"},{"last_affected":"1.11.14"},{"introduced":"1.11.15"},{"last_affected":"1.11.15"},{"introduced":"1.11.16"},{"last_affected":"1.11.16"},{"introduced":"1.11.17"},{"last_affected":"1.11.17"},{"introduced":"1.11.18"},{"last_affected":"1.11.18"},{"introduced":"1.11.19"},{"last_affected":"1.11.19"},{"introduced":"1.11.20"},{"last_affected":"1.11.20"},{"introduced":"1.11.21"},{"last_affected":"1.11.21"},{"introduced":"1.11.22"},{"last_affected":"1.11.22"},{"introduced":"1.11.23"},{"last_affected":"1.11.23"},{"introduced":"1.11.24"},{"last_affected":"1.11.24"},{"introduced":"1.11.25"},{"last_affected":"1.11.25"},{"introduced":"1.11.26"},{"last_affected":"1.11.26"},{"introduced":"1.11.27"},{"last_affected":"1.11.27"},{"introduced":"1.11.28"},{"last_affected":"1.11.28"}],"source":"CPE_STRING"}}],"versions":["1.11.0","1.11.1","1.11.10","1.11.11","1.11.12","1.11.13","1.11.14","1.11.15","1.11.16","1.11.17","1.11.18","1.11.19","1.11.2","1.11.20","1.11.21","1.11.22","1.11.23","1.11.24","1.11.25","1.11.26","1.11.27","1.11.28","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2850.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}