CVE-2016-6878

Published: Apr 10, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.

Affected (1)

Products: Botan Project: Botan

Botan Project

1 product

Botan

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Botan Project Botan	Up to 1.11.30

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://botan.randombit.net/security.html#id2

Source: cve@mitre.org

Third Party Advisory

https://botan.randombit.net/security.html#id2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.