rpm package
suse/Botan&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/Botan&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9132 | Cri | 9.8 | < 1.6.5-4.1 | 1.6.5-4.1 | Jan 30, 2017 | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption | |
| CVE-2015-7827 | Hig | 7.5 | < 1.6.5-4.1 | 1.6.5-4.1 | May 13, 2016 | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. |
- affected < 1.6.5-4.1fixed 1.6.5-4.1
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption
- affected < 1.6.5-4.1fixed 1.6.5-4.1
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.