In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-30T22:00:00

Updated: 2024-08-06T02:42:10.498Z

Reserved: 2016-10-31T00:00:00

Link: CVE-2016-9132

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-01-30T22:59:00.827

Modified: 2024-11-21T03:00:40.820

Link: CVE-2016-9132

cve-icon Redhat

No data.