NIXPKGS-2026-0960

GitHub issue published on

Permalink CVE-2026-34582

updated 3 weeks, 5 days ago by @LeSuisse Activity log

Created suggestion 3 weeks, 5 days ago
@LeSuisse ignored
8 packages
- emiluaPlugins.botan
- python312Packages.botan3
- python313Packages.botan3
- python314Packages.botan3
- haskellPackages.botan-low
- haskellPackages.botan-bindings
- chickenPackages_5.chickenEggs.botan
- botan2
3 weeks, 5 days ago
@LeSuisse accepted 3 weeks, 5 days ago
@LeSuisse published on GitHub 3 weeks, 5 days ago

Botan has a TLS 1.3 certificate authentication bypass

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.

References

https://github.com/randombit/botan/security/advisories/GHSA-pxcj-9ppx-g86g x_refsource_CONFIRM

Affected products

botan

==< 3.11.1

Matching in nixpkgs

pkgs.botan3

Cryptographic algorithms library

nixos-unstable 3.11.0
- nixpkgs-unstable 3.11.1
- nixos-unstable-small 3.11.1
nixos-25.11 3.10.0
- nixos-25.11-small 3.10.0
- nixpkgs-25.11-darwin 3.10.0

pkgs.botanEsdm

Cryptographic algorithms library

nixos-unstable 3.11.0
- nixpkgs-unstable 3.11.1
- nixos-unstable-small 3.11.1
nixos-25.11 3.10.0
- nixos-25.11-small 3.10.0
- nixpkgs-25.11-darwin 3.10.0

Ignored packages (8)

pkgs.botan2

Cryptographic algorithms library

pkgs.emiluaPlugins.botan

Securely clears secrets from memory in Emilua

nixos-unstable 1.2.1
- nixpkgs-unstable 1.2.1
- nixos-unstable-small 1.2.1
nixos-25.11 1.2.1
- nixos-25.11-small 1.2.1
- nixpkgs-25.11-darwin 1.2.1

pkgs.python312Packages.botan3

Python Bindings for botan3 cryptography library

nixos-25.11 botan3-3.10.0
- nixos-25.11-small botan3-3.10.0
- nixpkgs-25.11-darwin botan3-3.10.0

pkgs.python313Packages.botan3

Python Bindings for botan3 cryptography library

nixos-unstable botan3-3.11.0
- nixpkgs-unstable botan3-3.11.1
- nixos-unstable-small botan3-3.11.1
nixos-25.11 botan3-3.10.0
- nixos-25.11-small botan3-3.10.0
- nixpkgs-25.11-darwin botan3-3.10.0

pkgs.python314Packages.botan3

Python Bindings for botan3 cryptography library

nixos-unstable botan3-3.11.0
- nixpkgs-unstable botan3-3.11.1
- nixos-unstable-small botan3-3.11.1

pkgs.haskellPackages.botan-low

Low-level Botan bindings

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.0.2.0
- nixos-25.11-small 0.0.2.0
- nixpkgs-25.11-darwin 0.0.2.0

pkgs.haskellPackages.botan-bindings

Raw Botan bindings

nixos-unstable 0.2.0.0
- nixpkgs-unstable 0.2.0.0
- nixos-unstable-small 0.2.0.0
nixos-25.11 0.1.0.0
- nixos-25.11-small 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

pkgs.chickenPackages_5.chickenEggs.botan

Bindings to the Botan cryptographic library

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@thillux Markus Theil <theil.markus@gmail.com>
@nikstur nikstur <nikstur@outlook.com>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0960

References

Affected products

Matching in nixpkgs

pkgs.botan3

pkgs.botanEsdm

pkgs.botan2

pkgs.emiluaPlugins.botan

pkgs.python312Packages.botan3

pkgs.python313Packages.botan3

pkgs.python314Packages.botan3

pkgs.haskellPackages.botan-low

pkgs.haskellPackages.botan-bindings

pkgs.chickenPackages_5.chickenEggs.botan

Package maintainers