{"id":"CVE-2017-7252","details":"bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.","modified":"2026-04-10T04:00:51.008305Z","published":"2023-11-03T01:15:07.777Z","references":[{"type":"ADVISORY","url":"https://botan.randombit.net/security.html"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1034591"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/randombit/botan","events":[{"introduced":"ee912cd748a9b0bf56c84a49896dd2d57e0f81a6"},{"fixed":"7bdffd52a96e08e9452d1985258376a3925a497b"}],"database_specific":{"versions":[{"introduced":"1.11.0"},{"fixed":"2.1.0"}]}}],"versions":["1.11.0","1.11.10","1.11.11","1.11.12","1.11.13","1.11.14","1.11.15","1.11.16","1.11.17","1.11.18","1.11.19","1.11.2","1.11.20","1.11.21","1.11.22","1.11.23","1.11.24","1.11.25","1.11.26","1.11.27","1.11.28","1.11.29","1.11.3","1.11.30","1.11.31","1.11.32","1.11.33","1.11.34","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","2.0.0","2.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7252.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}