[Bug 1089100] New: VUL-0: CVE-2018-9860: Botan: off by one error in TLS CBC decryption
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1089100 Bug ID: 1089100 Summary: VUL-0: CVE-2018-9860: Botan: off by one error in TLS CBC decryption Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/203450/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: daniel.molkentin@suse.com Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2018-9860 https://botan.randombit.net/security.html 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption An off by one error in TLS CBC decryption meant that for a particular malformed ciphertext, the receiver would miscompute a length field and HMAC exactly 64K bytes of data following the record buffer as if it was part of the message. This cannot be used to leak information since the MAC comparison will subsequently fail and the connection will be closed. However it might be used for denial of service. Found by OSS-Fuzz. Bug introduced in 1.11.32, fixed in 2.6.0 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9860 https://botan.randombit.net/news.html#version-2-6-0-2018-04-10 -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1089100
http://bugzilla.opensuse.org/show_bug.cgi?id=1089100#c1
Alexander Bergmann
participants (1)
-
bugzilla_noreply@novell.com