| Bug ID | 1089100 |
|---|---|
| Summary | VUL-0: CVE-2018-9860: Botan: off by one error in TLS CBC decryption |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.3 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/203450/ |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | daniel.molkentin@suse.com |
| Reporter | abergmann@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2018-9860 https://botan.randombit.net/security.html 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption An off by one error in TLS CBC decryption meant that for a particular malformed ciphertext, the receiver would miscompute a length field and HMAC exactly 64K bytes of data following the record buffer as if it was part of the message. This cannot be used to leak information since the MAC comparison will subsequently fail and the connection will be closed. However it might be used for denial of service. Found by OSS-Fuzz. Bug introduced in 1.11.32, fixed in 2.6.0 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9860 https://botan.randombit.net/news.html#version-2-6-0-2018-04-10