PT-2016-5056 · Botan+2
Alex Gaynor · Published 2016-03-07 · Updated 2024-06-15 · CVE-2016-2195
CVSS v2.0: 10 (Critical)
CVSS v2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Botan versions prior to 1.10.11
Botan versions 1.11.x prior to 1.11.27
Description
The issue is caused by an integer overflow in the PointGFp constructor, which allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point; the result is a heap-based buffer overflow. The bigint_mul and bigint_sqr functions received the size of the output buffer but used it only to dispatch to a faster algorithm when there was enough output space to call an unrolled multiplication routine; the size was never used to bound the writes themselves. The result is a heap overflow reachable through ECC point decoding, which accepted untrusted inputs. This is likely exploitable for remote code execution.
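The following C++ sketch is an added illustration of the defect class named above; it is not Botan's code and does not reproduce its multiplication routines. It contrasts a limb multiplication routine that receives the output length but consults it only to choose an algorithm with a version that refuses any call whose product would not fit in the caller's buffer. The function names (schoolbook_mul, bigint_mul_dispatch_only, bigint_mul_checked, output_fits), the 32-bit limb width and the unrolled-path threshold are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <stdio.h>

// Constructed example: 32-bit limbs, 64-bit intermediate products.
using word = uint32_t;
using dword = uint64_t;

// Limb count at which a hypothetical unrolled fast path would apply.
static const size_t kUnrolledWords = 8;

// Schoolbook product of x (x_size limbs) and y (y_size limbs) into z.
// Always writes exactly x_size + y_size limbs; it has no idea how big z is.
static void schoolbook_mul(word z[], const word x[], size_t x_size,
                           const word y[], size_t y_size) {
    const size_t out = x_size + y_size;
    for (size_t i = 0; i < out; ++i) z[i] = 0;
    for (size_t i = 0; i < x_size; ++i) {
        dword carry = 0;
        for (size_t j = 0; j < y_size; ++j) {
            dword t = (dword)x[i] * y[j] + z[i + j] + carry;
            z[i + j] = (word)t;
            carry = t >> 32;
        }
        z[i + y_size] = (word)carry;  // untouched so far in this row
    }
}

// The pattern the advisory describes: z_size only selects a code path.
// Nothing stops schoolbook_mul from writing past z when
// z_size < x_size + y_size, so a caller that sizes z from untrusted
// input can be driven into a heap overflow.
static void bigint_mul_dispatch_only(word z[], size_t z_size,
                                     const word x[], size_t x_size,
                                     const word y[], size_t y_size) {
    if (z_size >= 2 * kUnrolledWords &&
        x_size == kUnrolledWords && y_size == kUnrolledWords) {
        // A fixed-size unrolled routine would be called here; this
        // illustration simply falls through to the generic path.
    }
    schoolbook_mul(z, x, x_size, y, y_size);
}

// Does a product of x_size by y_size limbs fit in z_size limbs?
// Guards the size_t addition as well as the comparison itself.
static bool output_fits(size_t z_size, size_t x_size, size_t y_size) {
    if (x_size > SIZE_MAX - y_size) return false;
    return z_size >= x_size + y_size;
}

// Hardened form: the output length bounds the write before any limb
// is touched, independent of which algorithm is chosen afterwards.
static void bigint_mul_checked(word z[], size_t z_size,
                               const word x[], size_t x_size,
                               const word y[], size_t y_size) {
    if (!output_fits(z_size, x_size, y_size))
        throw std::invalid_argument("bigint_mul: output buffer too small");
    bigint_mul_dispatch_only(z, z_size, x, x_size, y, y_size);
}

int main() {
    // (2^32 - 1)^2 = 0xFFFFFFFE00000001 -> limbs {0x00000001, 0xFFFFFFFE}
    word x[1] = {0xFFFFFFFFu}, y[1] = {0xFFFFFFFFu}, z[2] = {0, 0};
    bigint_mul_checked(z, 2, x, 1, y, 1);
    printf("product limbs: %08x %08x\n", z[1], z[0]);

    // Same inputs with a one-limb output: the checked version refuses.
    try {
        word small[1] = {0};
        bigint_mul_checked(small, 1, x, 1, y, 1);
    } catch (const std::invalid_argument& e) {
        printf("rejected: %s\n", e.what());
    }
    return 0;
}
```

The useful property of the checked form is that the bound is enforced at the single entry point every algorithm path shares, so adding a new fast path later cannot reintroduce the gap; the dispatch-only form has to be trusted by every caller to have sized z correctly from data it may not control.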
Recommendations
For Botan versions prior to 1.10.11, update to version 1.10.11 or later.
For Botan versions 1.11.x prior to 1.11.27, update to version 1.11.27 or later.
As a temporary workaround, consider restricting the use of the PointGFp constructor and ECC point decoding functions until a patch is available. Avoid calling the bigint_mul and bigint_sqr functions on untrusted inputs until the issue is resolved.
Fix
Buffer Overflow
Affected Products
Alt Linux
Botan
Suse