CVE-2016-6878 — Improper Input Validation in Project Botan

CWE-20 — Improper Input Validation2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 39.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Botan Project Botan

Timeline

PublishedApr 10

Latest updateMay 17

Description

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDbotan_project/botan1.11.30

🔴Vulnerability Details

GHSA

GHSA-rpqv-r42w-hw82: The Curve25519 code in botan before 1↗2022-05-17

▶