Bug 968028 - (CVE-2015-7825) VUL-0: CVE-2015-7825: Botan: Infinite loop during certificate path validation
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Philipp Thomas
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/162163/
Whiteboard: CVSSv2:RedHat:CVE-2015-7825:4.3:(AV:...
 
Reported: 2016-02-24 11:35 UTC by Alexander Bergmann
Modified: 2016-04-07 12:55 UTC
Found By: Security Response Team


Description Alexander Bergmann 2016-02-24 11:35:25 UTC
http://botan.randombit.net/security.html

2015-10-26 (CVE-2015-7825): Infinite loop during certificate path validation

When evaluating a certificate path, if a loop in the certificate chain was encountered (for instance where C1 certifies C2, which certifies C1), an infinite loop would occur, eventually resulting in memory exhaustion. Found in a review by Sirrix AG and 3curity GmbH.

Introduced in 1.11.6, fixed in 1.11.22

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7825
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7825.html
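
An added example, not Botan's code and not part of the original report: a minimal C++ issuer walk showing how tracking already-visited certificates turns the C1/C2 loop described above into a validation error. The `Cert` struct, `build_path`, `check_cross_signed_loop` and the fingerprint strings are hypothetical and constructed for illustration.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy certificate: only the fields the path walk needs (constructed model).
struct Cert {
    std::string subject;
    std::string issuer;
    std::string fingerprint;  // stands in for a hash of the encoded cert
};

enum class PathResult { Ok, IssuerNotFound, LoopDetected };

// Walk issuer links from `leaf` to a self-signed root held in `store`
// (keyed by subject). Each certificate may enter the path only once.
PathResult build_path(const Cert& leaf,
                      const std::map<std::string, Cert>& store,
                      std::vector<Cert>& path) {
    std::set<std::string> seen;
    path.clear();
    const Cert* cur = &leaf;
    for (;;) {
        // Without this check, C1 -> C2 -> C1 would append to `path` forever.
        if (!seen.insert(cur->fingerprint).second)
            return PathResult::LoopDetected;
        path.push_back(*cur);
        if (cur->subject == cur->issuer)
            return PathResult::Ok;  // reached a self-signed root
        auto it = store.find(cur->issuer);
        if (it == store.end())
            return PathResult::IssuerNotFound;
        cur = &it->second;
    }
}

// Constructed sample data: C1 certifies C2, which certifies C1.
PathResult check_cross_signed_loop() {
    std::map<std::string, Cert> store = {
        {"C1", {"C1", "C2", "fp-c1"}},
        {"C2", {"C2", "C1", "fp-c2"}},
    };
    std::vector<Cert> path;
    return build_path(store.at("C1"), store, path);
}
```
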
Comment 1 Swamp Workflow Management 2016-02-24 23:03:42 UTC
bugbot adjusting priority
Comment 2 Johannes Segitz 2016-04-07 12:55:23 UTC
Introduced in 1.11.6, not affecting us