CVE-2017-7252

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-7252

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7252.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7252

Published

2023-11-03T01:15:07.777Z

Modified

2026-04-10T04:00:51.008305Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

References

Affected packages

Git / github.com/randombit/botan

Affected ranges

Type

GIT

Repo

https://github.com/randombit/botan

Events

Introduced

ee912cd748a9b0bf56c84a49896dd2d57e0f81a6

Fixed

7bdffd52a96e08e9452d1985258376a3925a497b

Database specific

{
    "versions": [
        {
            "introduced": "1.11.0"
        },
        {
            "fixed": "2.1.0"
        }
    ]
}

Affected versions

1.*

1.11.0

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16

1.11.17

1.11.18

1.11.19

1.11.2

1.11.20

1.11.21

1.11.22

1.11.23

1.11.24

1.11.25

1.11.26

1.11.27

1.11.28

1.11.29

1.11.3

1.11.30

1.11.31

1.11.32

1.11.33

1.11.34

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

2.*

2.0.0

2.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7252.json"