cvedb.io
CVE-2016-9132
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-01-30T22:59:00.827 · Last modified 2026-06-17T00:55:34.380

Summary

In Botan 1.8.0 through 1.11.33, an integer overflow could occur when decoding BER data, causing an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker-controlled) length field in a way that later causes memory corruption or other failure.

Affected products

botan_project — botan

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.