CVE-2016-2194 — Improper Input Validation in Project Botan

CWE-20 — Improper Input Validation6 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Botan Project Botan Debian Linux

Timeline

PublishedMay 13

Latest updateMay 17

Description

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDbotan_project/botan1.10.10+27

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-v886-f89m-8x7j: The ressol function in Botan before 1↗2022-05-17

▶

OSV

CVE-2016-2194: The ressol function in Botan before 1↗2016-05-13

▶

💬Community

Bugzilla

CVE-2016-2194 CVE-2016-2195 CVE-2016-2196 botan: various flaws fixed in 1.11.27 and 1.10.11 [fedora-all]↗2016-02-08

▶

Bugzilla

CVE-2016-2196 CVE-2016-2195 CVE-2016-2194 botan: various flaws fixed in 1.11.27 and 1.10.11↗2016-02-08

▶

Bugzilla

CVE-2016-2194 CVE-2016-2195 CVE-2016-2196 botan: various flaws fixed in 1.11.27 and 1.10.11 [epel-all]↗2016-02-08

▶