Vulnerability Details CVE-2015-5726
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2015-5726
-
cpe:2.3:a:botan_project:botan:1.10.0
-
cpe:2.3:a:botan_project:botan:1.10.1
-
cpe:2.3:a:botan_project:botan:1.10.2
-
cpe:2.3:a:botan_project:botan:1.10.3
-
cpe:2.3:a:botan_project:botan:1.10.4
-
cpe:2.3:a:botan_project:botan:1.10.5
-
cpe:2.3:a:botan_project:botan:1.10.6
-
cpe:2.3:a:botan_project:botan:1.10.7
-
cpe:2.3:a:botan_project:botan:1.10.8
-
cpe:2.3:a:botan_project:botan:1.10.9
-
cpe:2.3:a:botan_project:botan:1.11.0
-
cpe:2.3:a:botan_project:botan:1.11.1
-
cpe:2.3:a:botan_project:botan:1.11.10
-
cpe:2.3:a:botan_project:botan:1.11.11
-
cpe:2.3:a:botan_project:botan:1.11.12
-
cpe:2.3:a:botan_project:botan:1.11.13
-
cpe:2.3:a:botan_project:botan:1.11.14
-
cpe:2.3:a:botan_project:botan:1.11.15
-
cpe:2.3:a:botan_project:botan:1.11.16
-
cpe:2.3:a:botan_project:botan:1.11.17
-
cpe:2.3:a:botan_project:botan:1.11.18
-
cpe:2.3:a:botan_project:botan:1.11.2
-
cpe:2.3:a:botan_project:botan:1.11.3
-
cpe:2.3:a:botan_project:botan:1.11.4
-
cpe:2.3:a:botan_project:botan:1.11.5
-
cpe:2.3:a:botan_project:botan:1.11.6
-
cpe:2.3:a:botan_project:botan:1.11.7
-
cpe:2.3:a:botan_project:botan:1.11.8
-
cpe:2.3:a:botan_project:botan:1.11.9
-
cpe:2.3:o:debian:debian_linux:8.0