| Vulnerability Name: | CVE-2016-2196 (CCN-113802) | ||||||||||||||||||||||||
| Assigned: | 2015-03-23 | ||||||||||||||||||||||||
| Published: | 2015-03-23 | ||||||||||||||||||||||||
| Updated: | 2016-05-16 | ||||||||||||||||||||||||
| Summary: | Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Vendor Advisory http://botan.randombit.net/security.html Source: MITRE Type: CNA CVE-2016-2196 Source: MLIST Type: Vendor Advisory [botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes Source: CCN Type: Botan Web site Botan Source: XF Type: UNKNOWN botan-cve20162196-bo(113802) Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-2196 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||