CVE-2016-6879

The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.

Published: Apr 10, 2017
Updated: Nov 9, 2025
CVE: CVE-2016-6879
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-320

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
botan_project / botan	1.11.18	1.11.18.x
botan_project / botan	1.11.0	1.11.0.x
botan_project / botan	1.11.21	1.11.21.x
botan_project / botan	1.11.26	1.11.26.x
botan_project / botan	1.11.19	1.11.19.x
botan_project / botan	1.11.12	1.11.12.x
botan_project / botan	1.11.3	1.11.3.x
botan_project / botan	1.11.17	1.11.17.x
botan_project / botan	1.11.10	1.11.10.x
botan_project / botan	1.11.14	1.11.14.x
botan_project / botan	1.11.1	1.11.1.x
botan_project / botan	1.11.6	1.11.6.x
botan_project / botan	1.11.25	1.11.25.x
botan_project / botan	1.11.30	1.11.30.x
botan_project / botan	1.11.27	1.11.27.x
botan_project / botan	1.11.11	1.11.11.x
botan_project / botan	1.11.24	1.11.24.x
botan_project / botan	1.11.4	1.11.4.x
botan_project / botan	1.11.29	1.11.29.x
botan_project / botan	1.11.7	1.11.7.x
botan_project / botan	1.11.5	1.11.5.x
botan_project / botan	1.11.20	1.11.20.x
botan_project / botan	1.11.8	1.11.8.x
botan_project / botan	1.11.13	1.11.13.x
botan_project / botan	1.11.28	1.11.28.x
botan_project / botan	1.11.15	1.11.15.x
botan_project / botan	1.11.23	1.11.23.x
botan_project / botan	1.11.9	1.11.9.x
botan_project / botan	1.11.16	1.11.16.x
botan_project / botan	1.11.2	1.11.2.x
botan_project / botan	1.11.22	1.11.22.x

https://botan.randombit.net/security.html#id2

Vulnerability Database

314,343

CVE-2016-6879

Deep Security Visibility Without the Complexity