1311992 – (CVE-2015-5726) CVE-2015-5726 botan: crash in BER decoder

Bug 1311992 (CVE-2015-5726) - CVE-2015-5726 botan: crash in BER decoder

Summary: CVE-2015-5726 botan: crash in BER decoder

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2015-5726
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-25 13:08 UTC by Andrej Nemec
Modified:	2021-02-17 04:17 UTC (History)
CC List:	1 user (show)
Fixed In Version:	botan 1.11.19, botan 1.10.10
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-01-30 09:49:54 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-02-25 13:08:10 UTC

The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applicatons reading untrusted ASN.1 data, but does not seem exploitable for code execution.

External references:

http://botan.randombit.net/security.html

Comment 1 Thomas Moschny 2016-04-29 18:27:12 UTC

CVE-2015-5726 has been fixed in 1.8.15 and 1.10.10.

As of today, we have:

   el5: botan-1.8.15-1
   el6: botan-1.8.15-1
 epel7: botan-1.10.12-1
   f22: botan-1.10.12-1
   f23: botan-1.10.12-1
   f24: botan-1.10.12-1
master: botan-1.10.12-1

So this bug can be closed imho.

Note You need to log in before you can comment on or make changes to this bug.