CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
debiandebian_linux
8.0
botan_projectbotan
𝑥
≤ 1.10.10
botan_projectbotan
1.11.0
botan_projectbotan
1.11.1
botan_projectbotan
1.11.2
botan_projectbotan
1.11.3
botan_projectbotan
1.11.4
botan_projectbotan
1.11.5
botan_projectbotan
1.11.6
botan_projectbotan
1.11.7
botan_projectbotan
1.11.8
botan_projectbotan
1.11.9
botan_projectbotan
1.11.10
botan_projectbotan
1.11.11
botan_projectbotan
1.11.12
botan_projectbotan
1.11.13
botan_projectbotan
1.11.14
botan_projectbotan
1.11.15
botan_projectbotan
1.11.16
botan_projectbotan
1.11.17
botan_projectbotan
1.11.18
botan_projectbotan
1.11.19
botan_projectbotan
1.11.20
botan_projectbotan
1.11.21
botan_projectbotan
1.11.22
botan_projectbotan
1.11.23
botan_projectbotan
1.11.24
botan_projectbotan
1.11.25
botan_projectbotan
1.11.26
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
botan1.10
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
trusty
Fixed 1.10.5-1+deb7u1ubuntu0.14.04.1
released
precise
ignored
Common Weakness Enumeration
References
http://botan.randombit.net/security.html
http://marc.info/?l=botan-devel&m=145435148602911&w=2
http://marc.info/?l=botan-devel&m=145449001708138&w=2
http://www.debian.org/security/2016/dsa-3565
https://security.gentoo.org/glsa/201612-38
http://botan.randombit.net/security.html
http://marc.info/?l=botan-devel&m=145435148602911&w=2
http://marc.info/?l=botan-devel&m=145449001708138&w=2
http://www.debian.org/security/2016/dsa-3565
https://security.gentoo.org/glsa/201612-38