CVE-2015-5726 — Improper Input Validation in Project Botan

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Botan Project Botan Debian Linux

Timeline

PublishedMay 13

Latest updateMay 17

Description

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDbotan_project/botan29 versions+28

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-jcv7-v2cp-24v2: The BER decoder in Botan 0↗2022-05-17

▶

OSV

CVE-2015-5726: The BER decoder in Botan 0↗2016-05-13

▶

💬Community

Bugzilla

CVE-2015-5726 botan: crash in BER decoder↗2016-02-25

▶