High severity 7.5 · NVD Advisory · Published Apr 12, 2018 · Updated Jun 17, 2026
CVE-2018-9860
Description
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.
Affected products
- Range: >=1.11.32, <2.6.0
References
- botan.randombit.net/security.html (NVD, Vendor Advisory)
- bugs.chromium.org/p/oss-fuzz/issues/detail (NVD, Issue Tracking)