Vulnerability Details CVE-2016-9132
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/95879
- https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OUDGVRQYQUL7F5MRP3LAV7EHRJG4BBE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2Y3JLMTE3VIV4X5X6SXVZTJBDDLCS3D/
- http://www.securityfocus.com/bid/95879
- https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OUDGVRQYQUL7F5MRP3LAV7EHRJG4BBE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2Y3JLMTE3VIV4X5X6SXVZTJBDDLCS3D/
Products affected by CVE-2016-9132
-
cpe:2.3:a:botan_project:botan:1.10.0
-
cpe:2.3:a:botan_project:botan:1.10.1
-
cpe:2.3:a:botan_project:botan:1.10.10
-
cpe:2.3:a:botan_project:botan:1.10.11
-
cpe:2.3:a:botan_project:botan:1.10.12
-
cpe:2.3:a:botan_project:botan:1.10.13
-
cpe:2.3:a:botan_project:botan:1.10.14
-
cpe:2.3:a:botan_project:botan:1.10.15
-
cpe:2.3:a:botan_project:botan:1.10.2
-
cpe:2.3:a:botan_project:botan:1.10.3
-
cpe:2.3:a:botan_project:botan:1.10.4
-
cpe:2.3:a:botan_project:botan:1.10.5
-
cpe:2.3:a:botan_project:botan:1.10.6
-
cpe:2.3:a:botan_project:botan:1.10.7
-
cpe:2.3:a:botan_project:botan:1.10.8
-
cpe:2.3:a:botan_project:botan:1.10.9
-
cpe:2.3:a:botan_project:botan:1.11.0
-
cpe:2.3:a:botan_project:botan:1.11.1
-
cpe:2.3:a:botan_project:botan:1.11.10
-
cpe:2.3:a:botan_project:botan:1.11.11
-
cpe:2.3:a:botan_project:botan:1.11.12
-
cpe:2.3:a:botan_project:botan:1.11.13
-
cpe:2.3:a:botan_project:botan:1.11.14
-
cpe:2.3:a:botan_project:botan:1.11.15
-
cpe:2.3:a:botan_project:botan:1.11.16
-
cpe:2.3:a:botan_project:botan:1.11.17
-
cpe:2.3:a:botan_project:botan:1.11.18
-
cpe:2.3:a:botan_project:botan:1.11.19
-
cpe:2.3:a:botan_project:botan:1.11.2
-
cpe:2.3:a:botan_project:botan:1.11.20
-
cpe:2.3:a:botan_project:botan:1.11.21
-
cpe:2.3:a:botan_project:botan:1.11.23
-
cpe:2.3:a:botan_project:botan:1.11.24
-
cpe:2.3:a:botan_project:botan:1.11.25
-
cpe:2.3:a:botan_project:botan:1.11.26
-
cpe:2.3:a:botan_project:botan:1.11.27
-
cpe:2.3:a:botan_project:botan:1.11.28
-
cpe:2.3:a:botan_project:botan:1.11.29
-
cpe:2.3:a:botan_project:botan:1.11.3
-
cpe:2.3:a:botan_project:botan:1.11.30
-
cpe:2.3:a:botan_project:botan:1.11.31
-
cpe:2.3:a:botan_project:botan:1.11.32
-
cpe:2.3:a:botan_project:botan:1.11.33
-
cpe:2.3:a:botan_project:botan:1.11.4
-
cpe:2.3:a:botan_project:botan:1.11.5
-
cpe:2.3:a:botan_project:botan:1.11.6
-
cpe:2.3:a:botan_project:botan:1.11.7
-
cpe:2.3:a:botan_project:botan:1.11.8
-
cpe:2.3:a:botan_project:botan:1.11.9
-
cpe:2.3:a:botan_project:botan:1.8.0
-
cpe:2.3:a:botan_project:botan:1.8.1
-
cpe:2.3:a:botan_project:botan:1.8.10
-
cpe:2.3:a:botan_project:botan:1.8.11
-
cpe:2.3:a:botan_project:botan:1.8.12
-
cpe:2.3:a:botan_project:botan:1.8.13
-
cpe:2.3:a:botan_project:botan:1.8.14
-
cpe:2.3:a:botan_project:botan:1.8.15
-
cpe:2.3:a:botan_project:botan:1.8.2
-
cpe:2.3:a:botan_project:botan:1.8.3
-
cpe:2.3:a:botan_project:botan:1.8.4
-
cpe:2.3:a:botan_project:botan:1.8.5
-
cpe:2.3:a:botan_project:botan:1.8.6
-
cpe:2.3:a:botan_project:botan:1.8.7
-
cpe:2.3:a:botan_project:botan:1.8.8
-
cpe:2.3:a:botan_project:botan:1.8.9
-
cpe:2.3:a:botan_project:botan:1.9.0
-
cpe:2.3:a:botan_project:botan:1.9.1
-
cpe:2.3:a:botan_project:botan:1.9.10
-
cpe:2.3:a:botan_project:botan:1.9.11
-
cpe:2.3:a:botan_project:botan:1.9.12
-
cpe:2.3:a:botan_project:botan:1.9.13
-
cpe:2.3:a:botan_project:botan:1.9.14
-
cpe:2.3:a:botan_project:botan:1.9.15
-
cpe:2.3:a:botan_project:botan:1.9.16
-
cpe:2.3:a:botan_project:botan:1.9.17
-
cpe:2.3:a:botan_project:botan:1.9.18
-
cpe:2.3:a:botan_project:botan:1.9.2
-
cpe:2.3:a:botan_project:botan:1.9.3
-
cpe:2.3:a:botan_project:botan:1.9.4
-
cpe:2.3:a:botan_project:botan:1.9.5
-
cpe:2.3:a:botan_project:botan:1.9.6
-
cpe:2.3:a:botan_project:botan:1.9.7
-
cpe:2.3:a:botan_project:botan:1.9.8
-
cpe:2.3:a:botan_project:botan:1.9.9