Vulnerability Description
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 24 |
| Botan Project | Botan | <= 1.10.13 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://botan.randombit.net/security.htmlVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html
- http://marc.info/?l=botan-devel&m=146185420505943&w=2Vendor Advisory
- http://www.debian.org/security/2016/dsa-3565
- http://botan.randombit.net/security.htmlVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183669.html
- http://marc.info/?l=botan-devel&m=146185420505943&w=2Vendor Advisory
- http://www.debian.org/security/2016/dsa-3565
FAQ
What is CVE-2015-7827?
CVE-2015-7827 is a vulnerability with a CVSS score of 7.5 (HIGH). Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
How severe is CVE-2015-7827?
CVE-2015-7827 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7827?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Botan Project Botan, Debian Debian Linux.