CVE-2016-2195 in Botaninfo

Summary

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/29/2016

Disclosure

05/13/2016

Moderation

VulDB entry created

Entries

VDB-87391 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

9.8

EPSS

0.10565

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2195
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2195
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2195/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!