CVE-2016-6878

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6878

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6878.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-6878

Published

2017-04-10T15:59:00.330Z

Modified

2025-11-20T10:30:52.659391Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.

References

https://botan.randombit.net/security.html#id2

Affected packages

Git / github.com/randombit/botan

Affected ranges

Type: GIT
Repo: https://github.com/randombit/botan
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0b6d2a853638206dfa43420d5419e8b719505cc7

Affected versions

1.*

1.10.0

1.10.0-rc1

1.10.1

1.11.0

1.11.1

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16

1.11.17

1.11.18

1.11.19

1.11.2

1.11.20

1.11.21

1.11.22

1.11.23

1.11.24

1.11.25

1.11.26

1.11.27

1.11.28

1.11.29

1.11.3

1.11.30

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.5.10

1.5.11

1.5.12

1.5.13

1.5.6

1.5.7

1.5.8

1.5.9

1.6.0

1.6.1

1.6.2

1.6.3

1.7.0

1.7.1

1.7.10

1.7.11

1.7.12

1.7.13

1.7.14

1.7.15

1.7.16

1.7.17

1.7.18

1.7.19

1.7.2

1.7.20

1.7.21

1.7.22

1.7.23

1.7.24

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.9.0

1.9.1

1.9.10

1.9.11

1.9.12

1.9.13

1.9.14

1.9.15

1.9.16

1.9.17

1.9.18

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6878.json"