This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1311992 - (CVE-2015-5726) CVE-2015-5726 botan: crash in BER decoder
CVE-2015-5726 botan: crash in BER decoder
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150803,repor...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-25 08:08 EST by Andrej Nemec
Modified: 2016-04-29 14:27 EDT (History)
1 user (show)

See Also:
Fixed In Version: botan 1.11.19, botan 1.10.10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrej Nemec 2016-02-25 08:08:10 EST
The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applicatons reading untrusted ASN.1 data, but does not seem exploitable for code execution.

External references:

http://botan.randombit.net/security.html
Comment 1 Thomas Moschny 2016-04-29 14:27:12 EDT
CVE-2015-5726 has been fixed in 1.8.15 and 1.10.10.

As of today, we have:

   el5: botan-1.8.15-1
   el6: botan-1.8.15-1
 epel7: botan-1.10.12-1
   f22: botan-1.10.12-1
   f23: botan-1.10.12-1
   f24: botan-1.10.12-1
master: botan-1.10.12-1

So this bug can be closed imho.

Note You need to log in before you can comment on or make changes to this bug.