PT-2017-9969 · Botan+2 · Botan+2

Falko Strenzke

Publicado

2017-01-30

Atualizado

2024-06-15

CVE-2016-9132

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Botan versions 1.8.0 through 1.11.33

Description The issue arises when decoding BER data, potentially leading to an integer overflow. This overflow causes an incorrect length field to be computed. Some API callers may utilize the returned length field, which could be controlled by an attacker, resulting in memory corruption or other failures.

Recommendations For Botan versions 1.8.0 through 1.11.33, consider updating to a version where this issue is fixed, as using the returned length field from the BER data decoding could lead to memory corruption or other failures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2018-1589

CVE-2016-9132

DLA-786-1

MGASA-2017-0321

OPENSUSE-SU-2024:10594-1

SUSE-SU-2017:1222-1

SUSE-SU-2017:1305-1

SUSE-SU-2017:1351-1

Produtos afetados

Alt Linux

Botan

Suse

PT-2017-9969 · Botan+2 · Botan+2

CVE-2016-9132

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54