Description
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2Y3JLMTE3VIV4X5X6SXVZTJBDDLCS3D/
Patch x_refsource_confirm
https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95879
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OUDGVRQYQUL7F5MRP3LAV7EHRJG4BBE/
Scores
CVSS v3
9.8
EPSS
0.0026
EPSS Percentile
49.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (50)
botan_project/botan
1.8.0
botan_project/botan
1.8.1
botan_project/botan
1.8.2
botan_project/botan
1.8.3
botan_project/botan
1.8.4
botan_project/botan
1.8.5
botan_project/botan
1.8.6
botan_project/botan
1.8.7
botan_project/botan
1.8.8
botan_project/botan
1.8.9
... and 40 more
Published
Jan 30, 2017
Tracked Since
Feb 18, 2026