The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer.

External references:
http://botan.randombit.net/security.html
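The defensive pattern for the issue described above, as an added example: it is not Botan's code or its actual patch, and `Tlv`, `read_length` and `read_tlv` are hypothetical names. It assumes single-byte tags and definite-form lengths, and rejects a declared length that exceeds the bytes actually remaining before any buffer is sized from it.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added illustration with hypothetical names; not Botan's code or its patch.
struct Tlv { uint8_t tag; std::vector<uint8_t> value; };

// Decode a definite-form BER length starting at in[pos]; advances pos.
// Fails on truncated input, the indefinite form (0x80), or more length
// octets than size_t can hold.
bool read_length(const std::vector<uint8_t>& in, size_t& pos, size_t& len) {
    if (pos >= in.size()) return false;
    uint8_t first = in[pos++];
    if ((first & 0x80) == 0) { len = first; return true; }  // short form
    size_t n = first & 0x7F;                                 // long form
    if (n == 0 || n > sizeof(size_t)) return false;
    if (in.size() - pos < n) return false;
    len = 0;
    for (size_t i = 0; i < n; ++i) len = (len << 8) | in[pos++];
    return true;
}

// Read one TLV with a single-byte tag; pos only moves on success.
bool read_tlv(const std::vector<uint8_t>& in, size_t& pos, Tlv& out) {
    size_t p = pos, len = 0;
    if (p >= in.size()) return false;
    uint8_t tag = in[p++];
    if (!read_length(in, p, len)) return false;
    // Compare the declared length with the bytes remaining BEFORE sizing
    // any buffer from it: if it is larger, the read could never succeed.
    if (len > in.size() - p) return false;
    out.tag = tag;
    out.value.assign(in.data() + p, in.data() + p + len);
    pos = p + len;
    return true;
}

int main() {
    // Constructed input: header declares 0x7FFFFFFF bytes, one byte follows.
    std::vector<uint8_t> bogus = {0x04, 0x84, 0x7F, 0xFF, 0xFF, 0xFF, 0x00};
    size_t pos = 0;
    Tlv t;
    std::printf("oversized length accepted: %s\n",
                read_tlv(bogus, pos, t) ? "yes" : "no");
    return 0;
}
```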
CVE-2015-5727 has been fixed in 1.8.15 and 1.10.10. As of today, we have:

el5: botan-1.8.15-1
el6: botan-1.8.15-1
epel7: botan-1.10.12-1
f22: botan-1.10.12-1
f23: botan-1.10.12-1
f24: botan-1.10.12-1
master: botan-1.10.12-1

So this bug can be closed imho.