1
Candidate: CVE-2018-9860
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9860
5
https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5
7
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An
8
off-by-one error when processing malformed TLS-CBC ciphertext could cause
9
the receiving side to include in the HMAC computation exactly 64K bytes of
10
data following the record buffer, aka an over-read. The MAC comparison will
11
subsequently fail and the connection will be closed. This could be used for
12
denial of service. No information leak occurs.
22
upstream_botan1.10: needs-triage
23
precise/esm_botan1.10: DNE
24
trusty_botan1.10: needs-triage
25
xenial_botan1.10: needs-triage
26
artful_botan1.10: needs-triage
27
bionic_botan1.10: needs-triage
28
devel_botan1.10: needs-triage
31
upstream_botan: released (2.4.0-6)
32
precise/esm_botan: DNE
36
bionic_botan: needs-triage
37
devel_botan: needs-triage