Lucene search

[email protected]CVE-2016-2194

HistoryMay 13, 2016 - 2:59 p.m.

CVE-2016-2194

2016-05-1314:59:07

CWE-20

[email protected]

web.nvd.nist.gov

cve-2016-2194

botan

denial of service

os2ecp function

security advisory

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.1 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

Node

botan_projectbotanRange≤1.10.10

botan_projectbotanMatch1.11.0

botan_projectbotanMatch1.11.1

botan_projectbotanMatch1.11.2

botan_projectbotanMatch1.11.3

botan_projectbotanMatch1.11.4

botan_projectbotanMatch1.11.5

botan_projectbotanMatch1.11.6

botan_projectbotanMatch1.11.7

botan_projectbotanMatch1.11.8

botan_projectbotanMatch1.11.9

botan_projectbotanMatch1.11.10

botan_projectbotanMatch1.11.11

botan_projectbotanMatch1.11.12

botan_projectbotanMatch1.11.13

botan_projectbotanMatch1.11.14

botan_projectbotanMatch1.11.15

botan_projectbotanMatch1.11.16

botan_projectbotanMatch1.11.17

botan_projectbotanMatch1.11.18

botan_projectbotanMatch1.11.19

botan_projectbotanMatch1.11.20

botan_projectbotanMatch1.11.21

botan_projectbotanMatch1.11.22

botan_projectbotanMatch1.11.23

botan_projectbotanMatch1.11.24

botan_projectbotanMatch1.11.25

botan_projectbotanMatch1.11.26

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq8.0

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	8.0

References

botan.randombit.net/security.html

marc.info/?l=botan-devel&m=145435148602911&w=2

marc.info/?l=botan-devel&m=145449001708138&w=2

www.debian.org/security/2016/dsa-3565

security.gentoo.org/glsa/201612-38

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.1 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2016-2194

ubuntucve1 nvd1 prion1 cvelist1 debiancve1 gentoo1 nessus5 freebsd1 fedora10 openvas9 archlinux1 mageia1 debian3 osv2