FS#58198 : [botan] CVE-2018-9860: Memory overread in TLS CBC decryption

FS#58198 - [botan] CVE-2018-9860: Memory overread in TLS CBC decryption

Attached to Project: Community Packages
Opened by Karol Babioch (kbabioch) - Wednesday, 11 April 2018, 12:40 GMT
Last edited by Alexander F. Rødseth (xyproto) - Sunday, 15 April 2018, 14:57 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Alexander F. Rødseth (xyproto) Levente Polyak (anthraxx)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

An off by one error in TLS CBC decryption meant that for a particular malformed ciphertext, the receiver would miscompute a length field and HMAC exactly 64K bytes of data following the record buffer as if it was part of the message. This cannot be used to leak information since the MAC comparison will subsequently fail and the connection will be closed. However it might be used for denial of service. Found by OSS-Fuzz.

Bug introduced in 1.11.32, fixed in 2.6.0

References:
https://github.com/randombit/botan/blob/master/doc/security.rst

This task depends upon

Closed by Alexander F. Rødseth (xyproto)
Sunday, 15 April 2018, 14:57 GMT
Reason for closing: Fixed

Comment by Alexander F. Rødseth (xyproto) - Thursday, 12 April 2018, 21:12 GMT

Thanks for reporting, botan 2.6.0 is now in [community-staging].

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#58198 - [botan] CVE-2018-9860: Memory overread in TLS CBC decryption

Details

Loading...