First Last Prev Next    This bug is not in your last search results.
Bug 1089100 - (CVE-2018-9860) VUL-0: CVE-2018-9860: Botan: off by one error in TLS CBC decryption
(CVE-2018-9860)
VUL-0: CVE-2018-9860: Botan: off by one error in TLS CBC decryption
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 42.3
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Daniel Molkentin
Security Team bot
https://smash.suse.de/issue/203450/
CVSSv3:RedHat:CVE-2018-9860:3.3:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-04-11 12:53 UTC by Alexander Bergmann
Modified: 2018-04-18 22:55 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-04-11 12:53:08 UTC 
CVE-2018-9860

https://botan.randombit.net/security.html

2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption

An off by one error in TLS CBC decryption meant that for a particular malformed ciphertext, the receiver would miscompute a length field and HMAC exactly 64K bytes of data following the record buffer as if it was part of the message. This cannot be used to leak information since the MAC comparison will subsequently fail and the connection will be closed. However it might be used for denial of service. Found by OSS-Fuzz.

Bug introduced in 1.11.32, fixed in 2.6.0

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9860
https://botan.randombit.net/news.html#version-2-6-0-2018-04-10
Comment 1 Alexander Bergmann 2018-04-11 12:54:02 UTC 
openSUSE:Factory got already version 2.6.0. All other SLE/openSUSE versions are pre 1.11.32.

Closing as fixed.
First Last Prev Next    This bug is not in your last search results.