In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-01-30 22:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-9132
Mitre link : CVE-2016-9132
CVE.ORG link : CVE-2016-9132
JSON object : View
Products Affected
botan_project
- botan
CWE
CWE-190
Integer Overflow or Wraparound