CVE-2018-9860

HIGH Year: 2018
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-193
View all →

Vulnerability Description

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.

Related Vulnerabilities

CVE-1999-1568

HIGH
CVSS:7.5(High)

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

CWE-1931999

CVE-2002-1721

HIGH
CVSS:7.5(High)

Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.

CWE-1932002

CVE-2002-1745

HIGH
CVSS:7.5(High)

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, ...

CWE-1932002

CVE-2003-0625

HIGH
CVSS:7.5(High)

Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the ser...

CWE-1932003

CVE-2006-4574

HIGH
CVSS:7.5(High)

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an...

CWE-1932006

CVE-2014-8182

HIGH
CVSS:7.5(High)

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with craf...

CWE-1932014