Candidate: CVE-2016-9132
PublicDate: 2017-01-30 22:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9132
Description:
 In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow
 could occur, which would cause an incorrect length field to be computed.
 Some API callers may use the returned (incorrect and attacker controlled)
 length field in a way which later causes memory corruption or other
 failure.
Ubuntu-Description:
 It was discovered that Botan did not properly decode BER data while parsing
 untrusted inputs such as X.509 certificates. An attacker could possibly
 use this issue to cause memory corruption or other failure, resulting in an
 integer overflow attack.

Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_botan1.10:
 upstream: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
upstream_botan1.10: released (1.10.14-1)
precise_botan1.10: ignored (reached end-of-life)
precise/esm_botan1.10: DNE (precise was needed)
trusty_botan1.10: ignored (reached end-of-life)
trusty/esm_botan1.10: DNE (trusty was needed)
vivid/stable-phone-overlay_botan1.10: DNE
vivid/ubuntu-core_botan1.10: DNE
xenial_botan1.10: ignored (end of standard support, was needed)
yakkety_botan1.10: ignored (reached end-of-life)
zesty_botan1.10: ignored (reached end-of-life)
artful_botan1.10: not-affected (1.10.14-1)
bionic_botan1.10: not-affected (1.10.14-1)
cosmic_botan1.10: not-affected (1.10.14-1)
disco_botan1.10: DNE
eoan_botan1.10: DNE
focal_botan1.10: DNE
groovy_botan1.10: DNE
hirsute_botan1.10: DNE
impish_botan1.10: DNE
jammy_botan1.10: DNE
devel_botan1.10: DNE

Patches_botan1.8:
upstream_botan1.8: needed
precise_botan1.8: ignored (reached end-of-life)
precise/esm_botan1.8: DNE (precise was needed)
trusty_botan1.8: DNE
trusty/esm_botan1.8: DNE
vivid/stable-phone-overlay_botan1.8: DNE
vivid/ubuntu-core_botan1.8: DNE
xenial_botan1.8: DNE
yakkety_botan1.8: DNE
zesty_botan1.8: DNE
artful_botan1.8: DNE
bionic_botan1.8: DNE
cosmic_botan1.8: DNE
disco_botan1.8: DNE
eoan_botan1.8: DNE
focal_botan1.8: DNE
groovy_botan1.8: DNE
hirsute_botan1.8: DNE
impish_botan1.8: DNE
jammy_botan1.8: DNE
devel_botan1.8: DNE