Integer overflow in Botan - CVE-2016-9132
Published: January 31, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39767
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-9132
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Randombit
Affected software:
Botan
Botan
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
How to mitigate CVE-2016-9132
Install update from vendor's website.
Sources
- http://www.securityfocus.com/bid/95879
- https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OUDGVRQYQUL7F5MRP3LAV7EHRJG4BBE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2Y3JLMTE3VIV4X5X6SXVZTJBDDLCS3D/