CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

Published: May 13, 2016
Updated: Nov 9, 2025
CVE: CVE-2015-5726
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
botan_project / botan	1.10.7	1.10.7.x
botan_project / botan	1.11.18	1.11.18.x
botan_project / botan	1.11.0	1.11.0.x
botan_project / botan	1.10.9	1.10.9.x
botan_project / botan	1.11.12	1.11.12.x
botan_project / botan	1.10.8	1.10.8.x
botan_project / botan	1.11.3	1.11.3.x
botan_project / botan	1.10.1	1.10.1.x
botan_project / botan	1.11.17	1.11.17.x
botan_project / botan	1.10.6	1.10.6.x
botan_project / botan	1.11.10	1.11.10.x
botan_project / botan	1.11.14	1.11.14.x
botan_project / botan	1.11.1	1.11.1.x
botan_project / botan	1.11.6	1.11.6.x
botan_project / botan	1.10.0	1.10.0.x
botan_project / botan	1.10.3	1.10.3.x
botan_project / botan	1.11.11	1.11.11.x
botan_project / botan	1.11.4	1.11.4.x
botan_project / botan	1.11.7	1.11.7.x
botan_project / botan	1.11.5	1.11.5.x
botan_project / botan	1.10.2	1.10.2.x
botan_project / botan	1.11.8	1.11.8.x
botan_project / botan	1.11.13	1.11.13.x
botan_project / botan	1.11.15	1.11.15.x
botan_project / botan	1.11.9	1.11.9.x
botan_project / botan	1.11.16	1.11.16.x
botan_project / botan	1.10.4	1.10.4.x
botan_project / botan	1.10.5	1.10.5.x
botan_project / botan	1.11.2	1.11.2.x
debian / debian_linux	8.0	8.0.x

Vulnerability Database

314,343

CVE-2015-5726

Deep Security Visibility Without the Complexity