Bug 1311992 (CVE-2015-5726)

Summary: CVE-2015-5726 botan: crash in BER decoder
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: thomas.moschny
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: botan 1.11.19, botan 1.10.10 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-30 09:49:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Andrej Nemec 2016-02-25 13:08:10 UTC 
The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applicatons reading untrusted ASN.1 data, but does not seem exploitable for code execution.

External references:

http://botan.randombit.net/security.html
Comment 1 Thomas Moschny 2016-04-29 18:27:12 UTC 
CVE-2015-5726 has been fixed in 1.8.15 and 1.10.10.

As of today, we have:

   el5: botan-1.8.15-1
   el6: botan-1.8.15-1
 epel7: botan-1.10.12-1
   f22: botan-1.10.12-1
   f23: botan-1.10.12-1
   f24: botan-1.10.12-1
master: botan-1.10.12-1

So this bug can be closed imho.