CVE-2018-9860
First published: Thu Apr 12 2018(Updated: )
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Botan Project Botan | >=1.11.32<2.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-9860.
What is the severity rating of CVE-2018-9860?
CVE-2018-9860 has a severity rating of 7.5 (high).
What software is affected by CVE-2018-9860?
Botan versions 1.11.32 through 2.x (before 2.6.0) are affected by CVE-2018-9860.
What is the impact of CVE-2018-9860?
The vulnerability in Botan could lead to an over-read, causing the receiving side to include excessive data in the HMAC computation.
How can I fix CVE-2018-9860?
Update Botan to version 2.6.0 or later to fix CVE-2018-9860.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/botan project
- canonical/botan project botan
- version/botan project botan/1.11.32