Bug 968025 (CVE-2015-5726) - VUL-0: CVE-2015-5726: Botan: Crash in BER decoder
Summary: VUL-0: CVE-2015-5726: Botan: Crash in BER decoder
Status: RESOLVED FIXED
Alias: CVE-2015-5726
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/162160/
Whiteboard: CVSSv2:RedHat:CVE-2015-5726:4.3:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-24 11:35 UTC by Alexander Bergmann
Modified: 2017-05-09 16:11 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-02-24 11:35:06 UTC 
http://botan.randombit.net/security.html

2015-08-03 (CVE-2015-5726): Crash in BER decoder

The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applicatons reading untrusted ASN.1 data, but does not seem exploitable for code execution. Found with afl.

Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5726
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5726.html
Comment 1 Swamp Workflow Management 2016-02-24 23:03:15 UTC 
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2017-04-12 16:02:14 UTC 
This is an autogenerated message for OBS integration:
This bug (968025) was mentioned in
https://build.opensuse.org/request/show/487622 Factory / Botan
Comment 6 Daniel Molkentin 2017-04-24 09:45:58 UTC 
SLE12 submitted, SLE 11 unaffected, back to security team for processing.
Comment 7 Victor Pereira 2017-05-09 14:25:51 UTC 
fixed and released
Comment 8 Swamp Workflow Management 2017-05-09 16:11:11 UTC 
SUSE-SU-2017:1222-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1013209,1033605,965620,965621,968025,968026,968030,974521,977420
CVE References: CVE-2014-9742,CVE-2015-5726,CVE-2015-5727,CVE-2015-7827,CVE-2016-2194,CVE-2016-2195,CVE-2016-2849,CVE-2016-9132,CVE-2017-2801
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    Botan-1.10.9-3.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    Botan-1.10.9-3.1