[Botan-announce] Botan 1.11.28 and 1.10.11 released with security fixes

Jack Lloyd lloyd at randombit.net
Mon Feb 1 13:31:21 EST 2016


Hi,

Botan 1.11.28 and 1.10.11 have been released today, fixing several
critical security bugs, including:

- A heap overflow in ECC multiplication which can be triggered from
  attacker-controlled inputs (CVE-2016-2195). This is likely usable
  for remote code execution. Found by Alex Gaynor.

- An infinite loop in the modular square root algorithm (CVE-2016-2194).
  This is exposed to untrusted input via the ECC point decompression
  algorithm. Found by AFL.

- In 1.11.x only, a heap overflow of a single word (4 or 8 bytes) of
  zeros during P-521 reduction (CVE-2016-2196). Found by AFL.

The point multiplication overflow in particular is quite critical; all
users of ECC should upgrade immediately.

http://botan.randombit.net/releases/Botan-1.11.28.tgz
http://botan.randombit.net/releases/Botan-1.11.28.tgz.asc
http://botan.randombit.net/releases/Botan-1.10.11.tgz
http://botan.randombit.net/releases/Botan-1.10.11.tgz.asc

Best,
  Jack
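
Added example (not part of the announcement and not Botan's code): a bounded modular square root and the point decompression that calls it, showing how the class of bug in CVE-2016-2194 is kept from hanging on untrusted input. Tonelli-Shanks, the 64-bit toy moduli, kMaxTries and the function names are assumptions of this sketch; the announcement does not name the algorithm or the root cause.

```cpp
#include <cstdint>

using u64 = std::uint64_t;
constexpr u64 kMaxTries = 4096;  // assumed cap on the non-residue search

static u64 mulmod(u64 a, u64 b, u64 m) { return (u64)((unsigned __int128)a * b % m); }
static u64 powmod(u64 b, u64 e, u64 m) {
    u64 r = 1 % m;
    for (b %= m; e != 0; e >>= 1, b = mulmod(b, b, m))
        if (e & 1) r = mulmod(r, b, m);
    return r;
}

// Tonelli-Shanks square root of a mod p. Every loop is bounded, so a non-residue
// or a composite "p" makes it return false instead of looping without end.
bool sqrt_mod(u64 a, u64 p, u64 &root) {
    if (p < 3 || p % 2 == 0) return false;
    a %= p;
    if (a == 0) { root = 0; return true; }
    if (powmod(a, (p - 1) / 2, p) != 1) return false;       // Euler criterion
    u64 q = p - 1, z = 2, s = 0;
    while (q % 2 == 0) { q /= 2; ++s; }                     // p - 1 = q * 2^s
    while (z < p && z < kMaxTries && powmod(z, (p - 1) / 2, p) != p - 1) ++z;
    if (z >= p || z >= kMaxTries) return false;             // no non-residue found
    u64 c = powmod(z, q, p), r = powmod(a, (q + 1) / 2, p), t = powmod(a, q, p);
    for (u64 m = s; t != 1;) {
        u64 i = 0;
        for (u64 t2 = t; t2 != 1 && i < m; ++i) t2 = mulmod(t2, t2, p);
        if (i >= m) return false;                           // cannot happen for prime p
        u64 b = c;
        for (u64 j = i + 1; j < m; ++j) b = mulmod(b, b, p);
        r = mulmod(r, b, p); c = mulmod(b, b, p); t = mulmod(t, c, p); m = i;
    }
    if (mulmod(r, r, p) != a) return false;                 // verify before use
    root = r;
    return true;
}

// Recover y for a compressed point on y^2 = x^3 + A*x + B over F_p (toy sizes).
bool decompress_y(u64 x, bool odd, u64 A, u64 B, u64 p, u64 &y) {
    u64 r = 0;
    if (p < 3 || x >= p) return false;
    u64 rhs = (u64)(((unsigned __int128)mulmod(mulmod(x, x, p), x, p) + mulmod(A, x, p) + B % p) % p);
    if (!sqrt_mod(rhs, p, r)) return false;                 // x is not on the curve
    if (r == 0 && odd) return false;                        // y = 0 has no odd form
    if (((r & 1) != 0) != odd) r = p - r;                   // p is odd, so this flips parity
    y = r;
    return true;
}
```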

