Vulnerability Description
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Botan Project | Botan | <= 1.10.10 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://botan.randombit.net/security.htmlVendor Advisory
- http://marc.info/?l=botan-devel&m=145435148602911&w=2Vendor Advisory
- http://www.debian.org/security/2016/dsa-3565
- https://security.gentoo.org/glsa/201612-38
- http://botan.randombit.net/security.htmlVendor Advisory
- http://marc.info/?l=botan-devel&m=145435148602911&w=2Vendor Advisory
- http://www.debian.org/security/2016/dsa-3565
- https://security.gentoo.org/glsa/201612-38
FAQ
What is CVE-2016-2195?
CVE-2016-2195 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, ...
How severe is CVE-2016-2195?
CVE-2016-2195 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-2195?
Check the references section above for vendor advisories and patch information. Affected products include: Botan Project Botan, Debian Debian Linux.