[botan-devel] Botan 1.11.28 and 1.10.11 released with security fixes
lloyd at randombit.net
Mon Feb 1 13:31:21 EST 2016
Botan 1.11.28 and 1.10.11 have been released today fixing several
critical security bugs including:
- A heap overflow in ECC multiplication which can be triggered from
attacker controlled inputs (CVE-2016-2195). This is likely usable
for remote code execution. Found by Alex Gaynor.
- An infinite loop in the modular square root algorithm (CVE-2016-2194).
This is exposed to untrusted input via the ECC point decompression
algorithm. Found by AFL.
- In 1.11.x only, a heap overflow of a single word (4 or 8 bytes) of
zeros during P-521 reduction (CVE-2016-2196). Found by AFL.
Especially the point multiplication overflow is quite critical, all
users of ECC should upgrade immediately.
More information about the botan-devel