Vulnerability Description
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Botan Project | Botan | 1.8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95879Third Party AdvisoryVDB Entry
- https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd9Patch
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- http://www.securityfocus.com/bid/95879Third Party AdvisoryVDB Entry
- https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd9Patch
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2016-9132?
CVE-2016-9132 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and...
How severe is CVE-2016-9132?
CVE-2016-9132 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-9132?
Check the references section above for vendor advisories and patch information. Affected products include: Botan Project Botan.