Description
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. The bigint_mul and bigint_sqr functions received the size of the output buffer, but only used it to dispatch to a faster algorithm in cases where there was sufficient output space to call an unrolled multiplication function. The result is a heap overflow accessible via ECC point decoding, which accepted untrusted inputs. This is likely exploitable for remote code execution.

| Release | Status | Note |
|---|---|---|
| devel | not-affected | 1.10.12-1 |
| esm-apps/xenial | not-affected | 1.10.12-1 |
| esm-infra-legacy/trusty | released | 1.10.5-1+deb7u1ubuntu0.14.04.1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 1.10.5-1+deb7u1ubuntu0.14.04.1 |
| trusty/esm | released | 1.10.5-1+deb7u1ubuntu0.14.04.1 |
| upstream | released | 1.10.12-1 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |

CVSS2: 10 Critical
CVSS3: 9.8 Critical