Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Debian 8: DSA-3565-1 Moderate: Botan1.10 Heap Overflow & Memory Crash

debian
Calendar Grey May 2, 2016
Scroller Debian
- ------------------------------------------------------------------------- Debian Security Advisory
Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509...

Summary

CVE-2015-5726
The BER decoder would crash due to reading from offset 0 of an
empty vector if it encountered a BIT STRING which did not contain
any data at all. This can be used to easily crash applications
reading untrusted ASN.1 data, but does not seem exploitable for
code execution.

CVE-2015-5727
The BER decoder would allocate a fairly arbitrary amount of memory
in a length field, even if there was no chance the read request
would succeed. This might cause the process to run out of memory or
invoke the OOM killer.

CVE-2015-7827
Use constant time PKCS #1 unpadding to avoid possible side channel
attack against RSA decryption

CVE-2016-2194
Infinite loop in modular square root algorithm.
The ressol function implementing the Tonelli-Shanks algorithm for
finding square roots could be sent into a nearly infinite loop due
to a misplaced conditional check. This could occur if a composite
modulus is provided, as this algorithm is only defined for...

Read the Full Advisory

Package: botan1.10
CVE ID: CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.