CVE-2016-9132

critical

Published 2017-01-30 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-9132.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f

OS impact

OS	Version	Status	Fixed in
sles		affected

Application impact

Vendor	Product	Versions
botan_project	botan	`1.8.0`
botan_project	botan	`1.8.1`
botan_project	botan	`1.8.2`
botan_project	botan	`1.8.3`
botan_project	botan	`1.8.4`
botan_project	botan	`1.8.5`
botan_project	botan	`1.8.6`
botan_project	botan	`1.8.7`
botan_project	botan	`1.8.8`
botan_project	botan	`1.8.9`
botan_project	botan	`1.8.10`
botan_project	botan	`1.8.11`
botan_project	botan	`1.8.12`
botan_project	botan	`1.8.13`
botan_project	botan	`1.8.14`
botan_project	botan	`1.8.15`
botan_project	botan	`1.9.0`
botan_project	botan	`1.9.1`
botan_project	botan	`1.9.2`
botan_project	botan	`1.9.3`
botan_project	botan	`1.9.4`
botan_project	botan	`1.9.5`
botan_project	botan	`1.9.6`
botan_project	botan	`1.9.7`
botan_project	botan	`1.9.8`
botan_project	botan	`1.9.9`
botan_project	botan	`1.9.10`
botan_project	botan	`1.9.11`
botan_project	botan	`1.9.12`
botan_project	botan	`1.9.13`
botan_project	botan	`1.9.14`
botan_project	botan	`1.9.15`
botan_project	botan	`1.9.16`
botan_project	botan	`1.9.17`
botan_project	botan	`1.9.18`
botan_project	botan	`1.10.0`
botan_project	botan	`1.10.1`
botan_project	botan	`1.10.2`
botan_project	botan	`1.10.3`
botan_project	botan	`1.10.4`
botan_project	botan	`1.10.5`
botan_project	botan	`1.10.6`
botan_project	botan	`1.10.7`
botan_project	botan	`1.10.8`
botan_project	botan	`1.10.9`
botan_project	botan	`1.10.10`
botan_project	botan	`1.10.11`
botan_project	botan	`1.10.12`
botan_project	botan	`1.10.13`
botan_project	botan	`1.10.14`
botan_project	botan	`1.10.15`
botan_project	botan	`1.11.0`
botan_project	botan	`1.11.1`
botan_project	botan	`1.11.2`
botan_project	botan	`1.11.3`
botan_project	botan	`1.11.4`
botan_project	botan	`1.11.5`
botan_project	botan	`1.11.6`
botan_project	botan	`1.11.7`
botan_project	botan	`1.11.8`
botan_project	botan	`1.11.9`
botan_project	botan	`1.11.10`
botan_project	botan	`1.11.11`
botan_project	botan	`1.11.12`
botan_project	botan	`1.11.13`
botan_project	botan	`1.11.14`
botan_project	botan	`1.11.15`
botan_project	botan	`1.11.16`
botan_project	botan	`1.11.17`
botan_project	botan	`1.11.18`
botan_project	botan	`1.11.19`
botan_project	botan	`1.11.20`
botan_project	botan	`1.11.21`
botan_project	botan	`1.11.23`
botan_project	botan	`1.11.24`
botan_project	botan	`1.11.25`
botan_project	botan	`1.11.26`
botan_project	botan	`1.11.27`
botan_project	botan	`1.11.28`
botan_project	botan	`1.11.29`
botan_project	botan	`1.11.30`
botan_project	botan	`1.11.31`
botan_project	botan	`1.11.32`
botan_project	botan	`1.11.33`

References

CWEs

CWE-190

Verify integrity in audit chain (admin only). AS-IS.