UBUNTU-CVE-2016-9132
- Source
- https://ubuntu.com/security/CVE-2016-9132
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-9132.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-9132
- Related
- Published
- 2017-01-30T22:59:00Z
- Modified
- 2024-10-15T14:05:55Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / botan1.10
Package
- Name
- botan1.10
- Purl
- pkg:deb/ubuntu/botan1.10?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.5-1+deb7u1ubuntu0.14.04.1+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.10.5-1+deb7u1ubuntu0.14.04.1+esm1",
"binary_name": "botan1.10-dbg"
},
{
"binary_version": "1.10.5-1+deb7u1ubuntu0.14.04.1+esm1",
"binary_name": "libbotan-1.10-0"
},
{
"binary_version": "1.10.5-1+deb7u1ubuntu0.14.04.1+esm1",
"binary_name": "libbotan-1.10-0-dbgsym"
},
{
"binary_version": "1.10.5-1+deb7u1ubuntu0.14.04.1+esm1",
"binary_name": "libbotan1.10-dev"
},
{
"binary_version": "1.10.5-1+deb7u1ubuntu0.14.04.1+esm1",
"binary_name": "libbotan1.10-dev-dbgsym"
}
]
}