CVE-2016-9132
Summary
| CVE | CVE-2016-9132 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-01-30 22:59:00 UTC |
| Updated | 2023-11-07 02:36:00 UTC |
| Description | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Botan Project | Botan | 1.10.0 | All | All | All |
| Application | Botan Project | Botan | 1.10.1 | All | All | All |
| Application | Botan Project | Botan | 1.10.10 | All | All | All |
| Application | Botan Project | Botan | 1.10.11 | All | All | All |
| Application | Botan Project | Botan | 1.10.12 | All | All | All |
| Application | Botan Project | Botan | 1.10.13 | All | All | All |
| Application | Botan Project | Botan | 1.10.14 | All | All | All |
| Application | Botan Project | Botan | 1.10.15 | All | All | All |
| Application | Botan Project | Botan | 1.10.2 | All | All | All |
| Application | Botan Project | Botan | 1.10.3 | All | All | All |
| Application | Botan Project | Botan | 1.10.4 | All | All | All |
| Application | Botan Project | Botan | 1.10.5 | All | All | All |
| Application | Botan Project | Botan | 1.10.6 | All | All | All |
| Application | Botan Project | Botan | 1.10.7 | All | All | All |
| Application | Botan Project | Botan | 1.10.8 | All | All | All |
| Application | Botan Project | Botan | 1.10.9 | All | All | All |
| Application | Botan Project | Botan | 1.11.0 | All | All | All |
| Application | Botan Project | Botan | 1.11.1 | All | All | All |
| Application | Botan Project | Botan | 1.11.10 | All | All | All |
| Application | Botan Project | Botan | 1.11.11 | All | All | All |
| Application | Botan Project | Botan | 1.11.12 | All | All | All |
| Application | Botan Project | Botan | 1.11.13 | All | All | All |
| Application | Botan Project | Botan | 1.11.14 | All | All | All |
| Application | Botan Project | Botan | 1.11.15 | All | All | All |
| Application | Botan Project | Botan | 1.11.16 | All | All | All |
| Application | Botan Project | Botan | 1.11.17 | All | All | All |
| Application | Botan Project | Botan | 1.11.18 | All | All | All |
| Application | Botan Project | Botan | 1.11.19 | All | All | All |
| Application | Botan Project | Botan | 1.11.2 | All | All | All |
| Application | Botan Project | Botan | 1.11.20 | All | All | All |
| Application | Botan Project | Botan | 1.11.21 | All | All | All |
| Application | Botan Project | Botan | 1.11.23 | All | All | All |
| Application | Botan Project | Botan | 1.11.24 | All | All | All |
| Application | Botan Project | Botan | 1.11.25 | All | All | All |
| Application | Botan Project | Botan | 1.11.26 | All | All | All |
| Application | Botan Project | Botan | 1.11.27 | All | All | All |
| Application | Botan Project | Botan | 1.11.28 | All | All | All |
| Application | Botan Project | Botan | 1.11.29 | All | All | All |
| Application | Botan Project | Botan | 1.11.3 | All | All | All |
| Application | Botan Project | Botan | 1.11.30 | All | All | All |
| Application | Botan Project | Botan | 1.11.31 | All | All | All |
| Application | Botan Project | Botan | 1.11.32 | All | All | All |
| Application | Botan Project | Botan | 1.11.33 | All | All | All |
| Application | Botan Project | Botan | 1.11.4 | All | All | All |
| Application | Botan Project | Botan | 1.11.5 | All | All | All |
| Application | Botan Project | Botan | 1.11.6 | All | All | All |
| Application | Botan Project | Botan | 1.11.7 | All | All | All |
| Application | Botan Project | Botan | 1.11.8 | All | All | All |
| Application | Botan Project | Botan | 1.11.9 | All | All | All |
| Application | Botan Project | Botan | 1.8.0 | All | All | All |
| Application | Botan Project | Botan | 1.8.1 | All | All | All |
| Application | Botan Project | Botan | 1.8.10 | All | All | All |
| Application | Botan Project | Botan | 1.8.11 | All | All | All |
| Application | Botan Project | Botan | 1.8.12 | All | All | All |
| Application | Botan Project | Botan | 1.8.13 | All | All | All |
| Application | Botan Project | Botan | 1.8.14 | All | All | All |
| Application | Botan Project | Botan | 1.8.15 | All | All | All |
| Application | Botan Project | Botan | 1.8.2 | All | All | All |
| Application | Botan Project | Botan | 1.8.3 | All | All | All |
| Application | Botan Project | Botan | 1.8.4 | All | All | All |
| Application | Botan Project | Botan | 1.8.5 | All | All | All |
| Application | Botan Project | Botan | 1.8.6 | All | All | All |
| Application | Botan Project | Botan | 1.8.7 | All | All | All |
| Application | Botan Project | Botan | 1.8.8 | All | All | All |
| Application | Botan Project | Botan | 1.8.9 | All | All | All |
| Application | Botan Project | Botan | 1.9.0 | All | All | All |
| Application | Botan Project | Botan | 1.9.1 | All | All | All |
| Application | Botan Project | Botan | 1.9.10 | All | All | All |
| Application | Botan Project | Botan | 1.9.11 | All | All | All |
| Application | Botan Project | Botan | 1.9.12 | All | All | All |
| Application | Botan Project | Botan | 1.9.13 | All | All | All |
| Application | Botan Project | Botan | 1.9.14 | All | All | All |
| Application | Botan Project | Botan | 1.9.15 | All | All | All |
| Application | Botan Project | Botan | 1.9.16 | All | All | All |
| Application | Botan Project | Botan | 1.9.17 | All | All | All |
| Application | Botan Project | Botan | 1.9.18 | All | All | All |
| Application | Botan Project | Botan | 1.9.2 | All | All | All |
| Application | Botan Project | Botan | 1.9.3 | All | All | All |
| Application | Botan Project | Botan | 1.9.4 | All | All | All |
| Application | Botan Project | Botan | 1.9.5 | All | All | All |
| Application | Botan Project | Botan | 1.9.6 | All | All | All |
| Application | Botan Project | Botan | 1.9.7 | All | All | All |
| Application | Botan Project | Botan | 1.9.8 | All | All | All |
| Application | Botan Project | Botan | 1.9.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 25 Update: botan-1.10.14-3.fc25 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 24 Update: botan-1.10.14-3.fc24 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Fix BER decoder integer overflow · randombit/botan@987ad74 · GitHub | CONFIRM | github.com | Patch |
| Botan CVE-2016-9132 Integer Overflow Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 25 Update: botan-1.10.14-3.fc25 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 24 Update: botan-1.10.14-3.fc24 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.