Описание
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
Ссылки
- Third Party AdvisoryVDB Entry
- Patch
- Third Party AdvisoryVDB Entry
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:botan_project:botan:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.8.15:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.10:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.11:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.12:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.13:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.14:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.15:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.16:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.17:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.9.18:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.3:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.4:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.5:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.6:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.7:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.8:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.9:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.10:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.11:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.12:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.13:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.14:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.10.15:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.29:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.30:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.31:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.32:*:*:*:*:*:*:*
cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00258
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-190
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 9 лет назад
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
CVSS3: 9.8
debian
около 9 лет назад
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer over ...
CVSS3: 9.8
github
больше 3 лет назад
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
EPSS
Процентиль: 49%
0.00258
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-190