CVE-2016-9132

NameCVE-2016-9132
DescriptionIn Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-786-1
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
botan1.10 (PTS)jessie (security), jessie1.10.8-2+deb8u2vulnerable
stretch1.10.16-1fixed
sid1.10.17-0.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
botan1.10source(unstable)1.10.14-1high
botan1.10sourcewheezy1.10.5-1+deb7u2highDLA-786-1

Notes

[jessie] - botan1.10 <ignored> (Minor issue, not believed to be exploitable in practice)
Fixed in 1.10.14 and 1.11.34, all prior versions affected.
Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f

Search for package or bug name: Reporting problems