CVE-2016-2195

Published on: 05/13/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Botan from Botan Project contain the following vulnerability:

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.

  • CVE-2016-2195 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 10 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVE References

  • Debian -- Security Information -- DSA-3565-1 botan1.10 (www.debian.org). Tags: Depreciated Link. Reference: DEBIAN DSA-3565
  • Security — Botan (botan.randombit.net). Tags: Vendor Advisory. Reference: CONFIRM botan.randombit.net/security.html
  • '[botan-devel] Botan 1.11.28 and 1.10.11 released with security fixes' - MARC (marc.info). Tags: Vendor Advisory. Reference: MLIST [botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes
  • Botan: Multiple vulnerabilities (GLSA 201612-38) — Gentoo security (security.gentoo.org). Reference: GENTOO GLSA-201612-38

Known Affected Configurations (CPE V2.3)

Type              Vendor         Product       Version  Update  Edition  Language
Application       Botan Project  Botan         1.11.0   All     All      All
Application       Botan Project  Botan         1.11.1   All     All      All
Application       Botan Project  Botan         1.11.10  All     All      All
Application       Botan Project  Botan         1.11.11  All     All      All
Application       Botan Project  Botan         1.11.12  All     All      All
Application       Botan Project  Botan         1.11.13  All     All      All
Application       Botan Project  Botan         1.11.14  All     All      All
Application       Botan Project  Botan         1.11.15  All     All      All
Application       Botan Project  Botan         1.11.16  All     All      All
Application       Botan Project  Botan         1.11.17  All     All      All
Application       Botan Project  Botan         1.11.18  All     All      All
Application       Botan Project  Botan         1.11.19  All     All      All
Application       Botan Project  Botan         1.11.2   All     All      All
Application       Botan Project  Botan         1.11.20  All     All      All
Application       Botan Project  Botan         1.11.21  All     All      All
Application       Botan Project  Botan         1.11.22  All     All      All
Application       Botan Project  Botan         1.11.23  All     All      All
Application       Botan Project  Botan         1.11.24  All     All      All
Application       Botan Project  Botan         1.11.25  All     All      All
Application       Botan Project  Botan         1.11.26  All     All      All
Application       Botan Project  Botan         1.11.3   All     All      All
Application       Botan Project  Botan         1.11.4   All     All      All
Application       Botan Project  Botan         1.11.5   All     All      All
Application       Botan Project  Botan         1.11.6   All     All      All
Application       Botan Project  Botan         1.11.7   All     All      All
Application       Botan Project  Botan         1.11.8   All     All      All
Application       Botan Project  Botan         1.11.9   All     All      All
Application       Botan Project  Botan         All      All     All      All
Operating System  Debian         Debian Linux  8.0      All     All      All
  • cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*: