What is CVE-2016-9132?

CVE-2016-9132 is a critical-severity vulnerability in Botan_project Botan, classified under Integer Overflow or Wraparound. CVSS score: 9.8/10. Published 2017-01-30.

How severe is CVE-2016-9132?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Integer overflow in Botan_project Botan

CVE-2016-9132

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a…

Vulnerability class: Integer Overflow

EPSS: 0.003 (49.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Botan_project Botan — versions 1.8.0, 1.8.1, 1.8.2
N/a — versions n/a

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

cve@mitre.org (vendor-advisory, x_refsource_FEDORA)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2016-9132?: CVE-2016-9132 is a critical-severity vulnerability in Botan_project Botan, classified under Integer Overflow or Wraparound. CVSS score: 9.8/10. Published 2017-01-30.
How severe is CVE-2016-9132?: Critical severity. CVSS v3 base score is 9.8 out of 10.