CVE-2015-7825 — Infinite Loop in Project Botan

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 45.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Botan Project Botan

Timeline

PublishedApr 10

Latest updateMay 17

Description

botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDbotan_project/botan1.11.21

🔴Vulnerability Details

GHSA

GHSA-fwxq-2pfp-qwcq: botan before 1↗2022-05-17

▶

💬Community

Bugzilla

CVE-2015-7825 botan: infinite loop during certificate path validation↗2016-02-24

▶